Intrusion Detection System Using Sequence and Set Preserving Metric

  • Conference paper
Intelligence and Security Informatics (ISI 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3495)

Abstract

Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we investigate the use of sequences of system calls for classifying intrusions and faults induced by privileged processes in the Unix operating system. We apply a sequence-data mining approach in the context of an intrusion detection system (IDS). This paper introduces a new similarity measure that considers both sequence and set similarity among sessions. Considering both the order of occurrences and the content of a session significantly enhances the capabilities of the kNN classifier, especially in the context of intrusion detection. From our experiments on the DARPA 1998 IDS dataset we infer that the order of occurrences plays a major role in determining the nature of the session. The objective of this work is to construct concise and accurate classifiers that detect anomalies based on sequence as well as set similarity.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kumar, P., Rao, M.V., Krishna, P.R., Bapi, R.S., Laha, A. (2005). Intrusion Detection System Using Sequence and Set Preserving Metric. In: Kantor, P., et al. Intelligence and Security Informatics. ISI 2005. Lecture Notes in Computer Science, vol 3495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427995_49

  • DOI: https://doi.org/10.1007/11427995_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25999-2

  • Online ISBN: 978-3-540-32063-0

  • eBook Packages: Computer Science, Computer Science (R0)
