Abstract
This paper proposes a new algorithm that improves the efficiency of the anomaly detection stage of a vector-based intrusion detection scheme. In general, intrusion detection schemes are based on the hypothesis that normal system/user behaviors are consistent and can be characterized by behavior profiles, such that deviations from the profiles are considered abnormal. In complicated computing environments, users may exhibit usage patterns so complicated that the user profiles have to be established using sophisticated classification methods such as the vector quantization (VQ) technique. However, anomaly detection on a data set in a high-dimensional space is inefficient. In this paper we focus on the design of an algorithm that uses principal component analysis (PCA) to improve the efficiency of anomaly detection. The main contribution of this research is to demonstrate how the efficiency of anomaly detection can be raised while the effectiveness of the detection, in terms of a low false alarm rate and a high detection rate, is maintained.
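The following is an added example (not code from the paper) of the scheme the abstract describes: a VQ behavior profile is projected with PCA into k dimensions offline, and each incoming behavior vector is then scored by its distance to the nearest codeword in that reduced space instead of the full space. The 6-feature vectors, the 3-codeword codebook (a constructed stand-in for one trained with the LBG algorithm), the noise level and the alarm threshold are all assumptions made for the example.

```python
import random

def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def _sub(u, v):
    return [a - b for a, b in zip(u, v)]

def pca_fit(vectors, k, iters=200):
    """Mean and k leading principal directions, by power iteration with deflation."""
    n, d = len(vectors), len(vectors[0])
    mean = [sum(v[i] for v in vectors) / n for i in range(d)]
    centred = [_sub(v, mean) for v in vectors]
    cov = [[sum(x[i] * x[j] for x in centred) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        w = [random.random() + 0.5 for _ in range(d)]   # generic start vector
        for _ in range(iters):
            w = [_dot(row, w) for row in cov]            # multiply by covariance
            for c in comps:                               # deflate: stay orthogonal
                w = _sub(w, [_dot(w, c) * ci for ci in c])
            w = [wi / _dot(w, w) ** 0.5 for wi in w]     # renormalise
        comps.append(w)
    return mean, comps

def pca_project(mean, comps, v):
    centred = _sub(v, mean)
    return [_dot(centred, c) for c in comps]

def nearest_distance(codebook, v):
    """VQ anomaly score: Euclidean distance from v to its closest codeword."""
    return min(_dot(_sub(v, c), _sub(v, c)) ** 0.5 for c in codebook)

def build_profile(codebook, normal_vectors, k):
    """Offline stage: fit PCA on normal behaviour and project the codebook once."""
    mean, comps = pca_fit(normal_vectors, k)
    return mean, comps, [pca_project(mean, comps, c) for c in codebook]

def score(profile, v):
    """Online stage: project one incoming vector and score it in k dimensions."""
    mean, comps, codebook_k = profile
    return nearest_distance(codebook_k, pca_project(mean, comps, v))

# Constructed data: 6-feature behaviour vectors (e.g. per-session counts of audit
# event classes); the 3 codewords stand in for an LBG-trained profile and differ
# only in features 0 and 3, so two principal components capture the normal spread.
random.seed(7)
CODEBOOK = [[20, 5, 5, 20, 5, 5], [40, 5, 5, 10, 5, 5], [10, 5, 5, 40, 5, 5]]
NORMAL = [[x + random.gauss(0, 0.2) for x in random.choice(CODEBOOK)] for _ in range(90)]
PROFILE = build_profile(CODEBOOK, NORMAL, k=2)   # 6-D scoring becomes 2-D scoring
```

Because scoring happens only in the retained subspace, a deviation lying entirely along a discarded direction (a feature that never varies in the training data) projects onto the profile and yields a low score, so k should be chosen from the explained variance and a residual check on the discarded part is worth adding in practice.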
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, HW., Lam, KY., Chung, SL., Gu, M., Sun, JG. (2005). An Efficient Anomaly Detection Algorithm for Vector-Based Intrusion Detection Systems. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_86
DOI: https://doi.org/10.1007/11534310_86
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28102-3
Online ISBN: 978-3-540-31868-2
eBook Packages: Computer Science, Computer Science (R0)