
An Efficient Anomaly Detection Algorithm for Vector-Based Intrusion Detection Systems

Conference paper. Networking and Mobile Computing (ICCNMC 2005).

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3619)

Abstract

This paper proposes a new algorithm that improves the efficiency of the anomaly detection stage of a vector-based intrusion detection scheme. In general, intrusion detection schemes are based on the hypothesis that normal system/user behaviours are consistent and can be characterized by behaviour profiles, such that deviations from the profiles are considered abnormal. In complicated computing environments, users may exhibit usage patterns so complicated that the user profiles have to be established using sophisticated classification methods such as the vector quantization (VQ) technique. However, anomaly detection over a data set in a high-dimensional space is inefficient. In this paper we focus on the design of an algorithm that uses principal component analysis (PCA) to improve the efficiency of anomaly detection. The main contribution of this research is to demonstrate how the efficiency of anomaly detection can be raised while the effectiveness of the detection, in terms of a low false alarm rate and a high detection rate, is maintained.
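The pipeline the abstract describes, as an added example that is not the paper's own code: behaviour vectors are reduced with PCA, a VQ codebook (k-means) is built from the reduced normal data, and a new vector is scored by its distance to the nearest codeword. The training data, the feature meanings (per-session counts of six audit event classes), the margin factors, and the residual check (distance from the retained PCA subspace, which catches deviations that the reduced space cannot represent) are all assumptions of this example and are not stated in the abstract. Pure Python, so it runs without NumPy.

```python
import math

# Added example: PCA reduction + VQ profile for vector-based anomaly detection.
# Not the paper's code. The residual check is this example's own addition.

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def sub(a, b):
    return [x - y for x, y in zip(a, b)]

def norm(a):
    return math.sqrt(dot(a, a))

def mean_vector(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def covariance(centered):
    n, d = len(centered), len(centered[0])
    return [[sum(r[i] * r[j] for r in centered) / (n - 1) for j in range(d)] for i in range(d)]

def top_components(cov, k, iters=500):
    """Leading k unit eigenvectors of cov by power iteration with deflation."""
    cov = [row[:] for row in cov]
    d, comps = len(cov), []
    for _ in range(k):
        v = [1.0 + 0.1 * i for i in range(d)]       # fixed, generic start vector
        for _ in range(iters):
            w = [dot(row, v) for row in cov]
            nw = norm(w)
            if nw == 0.0:
                break
            v = [x / nw for x in w]
        lam = dot(v, [dot(row, v) for row in cov])  # Rayleigh quotient = eigenvalue
        for i in range(d):                          # deflate so the next pass finds PC i+1
            for j in range(d):
                cov[i][j] -= lam * v[i] * v[j]
        comps.append(v)
    return comps

def vq_codebook(points, k, iters=50):
    """k-means codebook with deterministic farthest-point initialisation."""
    book = [points[0]]
    while len(book) < k:
        book.append(max(points, key=lambda p: min(norm(sub(p, c)) for c in book)))
    for _ in range(iters):
        groups = [[] for _ in book]
        for p in points:
            groups[min(range(k), key=lambda i: norm(sub(p, book[i])))].append(p)
        new = [mean_vector(g) if g else book[i] for i, g in enumerate(groups)]
        if new == book:
            break
        book = new
    return book

class PcaVqDetector:
    def __init__(self, n_components=2, n_codewords=2, vq_margin=2.0, residual_margin=3.0):
        self.k, self.m = n_components, n_codewords
        self.vq_margin, self.residual_margin = vq_margin, residual_margin

    def fit(self, normal_rows):
        self.mean = mean_vector(normal_rows)
        centered = [sub(r, self.mean) for r in normal_rows]
        self.components = top_components(covariance(centered), self.k)
        self.codebook = vq_codebook([self._project(c) for c in centered], self.m)
        scores = [self._score_centered(c) for c in centered]
        # Thresholds come from the normal data alone: worst normal case times a margin.
        self.vq_threshold = self.vq_margin * max(s["vq_distance"] for s in scores)
        self.residual_threshold = self.residual_margin * max(s["residual"] for s in scores)
        return self

    def _project(self, c):
        return [dot(c, v) for v in self.components]

    def _score_centered(self, c):
        z = self._project(c)
        # Rebuild the vector from the retained components; what is left is the residual.
        recon = [sum(z[i] * v[j] for i, v in enumerate(self.components)) for j in range(len(c))]
        return {"vq_distance": min(norm(sub(z, cw)) for cw in self.codebook),
                "residual": norm(sub(c, recon))}

    def score(self, row):
        return self._score_centered(sub(row, self.mean))

    def is_anomalous(self, row):
        s = self.score(row)
        return s["vq_distance"] > self.vq_threshold or s["residual"] > self.residual_threshold

# Constructed training data: per-session counts of six audit event classes for
# two kinds of normal user, each with small jitter on three of the counts.
ENGINEER = [10, 2, 0, 5, 1, 0]
BATCH_JOB = [1, 8, 3, 0, 0, 6]
JITTER = [(0, 0, 0), (1, 0, 0), (-1, 1, 0), (0, -1, 1), (1, 1, -1), (-1, 0, 1)]

def sessions(base):
    rows = []
    for a, b, c in JITTER:
        r = list(base)
        r[0] += a
        r[1] += b
        r[3] += c
        rows.append(r)
    return rows

TRAINING = sessions(ENGINEER) + sessions(BATCH_JOB)

def build_detector():
    return PcaVqDetector(n_components=2, n_codewords=2).fit(TRAINING)

if __name__ == "__main__":
    det = build_detector()
    for label, row in [("held-out normal", [10, 2.5, 0, 5, 1, 0]),
                       ("burst", [60, 0, 0, 40, 0, 0]),
                       ("novel mix", [0, 0, 40, 0, 30, 0])]:
        print(label, det.score(row), det.is_anomalous(row))
```

The "burst" session lies along the direction the two normal profiles already vary in, so the reduced-space distance to the nearest codeword flags it; the "novel mix" session puts its weight on event classes that carry almost no variance in the normal data, so it lies mostly outside the two retained components and is caught by the residual. Scoring cost is dominated by one k-dimensional projection plus a codebook search in k dimensions rather than the full feature space, which is the efficiency gain the abstract argues for.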




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, HW., Lam, KY., Chung, SL., Gu, M., Sun, JG. (2005). An Efficient Anomaly Detection Algorithm for Vector-Based Intrusion Detection Systems. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_86


  • DOI: https://doi.org/10.1007/11534310_86

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28102-3

  • Online ISBN: 978-3-540-31868-2
