
A Risk-Sensitive Intrusion Detection Model

  • Conference paper
  • Published in: Information Security and Cryptology — ICISC 2002 (ICISC 2002)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2587)

Abstract

Intrusion detection systems (IDSs) must meet their security goals while minimizing the risk of wrong detections. In this paper, we study the issue of building a risk-sensitive intrusion detection model. To determine whether a system call sequence is normal or not, we consider not only the probability of the sequence belonging to the set of normal sequences or the set of intrusion sequences, but also the risk of a false detection. We define a risk model to formulate the expected risk of an intrusion detection decision, and present risk-sensitive machine learning techniques that produce a detection model that minimizes the risks of false negatives and false positives. This model is also a hybrid model that combines misuse intrusion detection and anomaly intrusion detection. To achieve satisfactory performance, some techniques are applied to extend this model.
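The abstract's decision rule can be made concrete with a small worked example. The code below is an added illustration, not the authors' model or code: it assumes a standard Bayes-risk formulation in which the expected risk of labelling a sequence "normal" is the cost of a false negative weighted by the posterior probability of intrusion, and the expected risk of raising an alarm is the cost of a false positive weighted by the posterior probability of normality; the decision with the lower expected risk wins. It also assumes a smoothed bigram model over system-call names as the likelihood estimator for each class (a normal model for the anomaly side and an intrusion model for the misuse side, which is one way to realise the hybrid the abstract describes). All traces, call names, costs and priors are constructed for the example.

```python
from collections import Counter
from math import log, exp

# Constructed toy system-call traces (not from the paper) used as training data.
NORMAL_TRACES = [
    ["open", "read", "close"],
    ["open", "read", "close"],
    ["open", "read", "close"],
    ["open", "write", "close"],
]
INTRUSION_TRACES = [
    ["open", "execve", "socket"],
    ["open", "execve", "socket"],
    ["read", "execve", "socket"],
    ["open", "write", "execve"],
]


def ngrams(seq, k):
    """Sliding windows of length k over a call sequence."""
    return [tuple(seq[i:i + k]) for i in range(len(seq) - k + 1)]


class NGramModel:
    """Add-alpha smoothed k-gram frequency model for one class of traces (assumed technique)."""

    def __init__(self, traces, k=2, alpha=1.0):
        self.k, self.alpha = k, alpha
        self.counts = Counter(g for t in traces for g in ngrams(t, k))
        self.total = sum(self.counts.values())

    def log_likelihood(self, seq, vocab_size):
        # Smoothing gives unseen windows a small non-zero probability instead of log(0).
        denom = self.total + self.alpha * vocab_size
        return sum(log((self.counts[g] + self.alpha) / denom) for g in ngrams(seq, self.k))


class RiskSensitiveDetector:
    """Hybrid detector: a normal model (anomaly side) and an intrusion model (misuse side),
    combined through a cost-weighted Bayes decision."""

    def __init__(self, normal_traces, intrusion_traces, k=2):
        self.normal = NGramModel(normal_traces, k)
        self.intrusion = NGramModel(intrusion_traces, k)
        # Shared vocabulary so both models are smoothed over the same window space.
        self.vocab_size = len(set(self.normal.counts) | set(self.intrusion.counts))

    def posterior_intrusion(self, seq, prior_intrusion=0.5):
        """P(intrusion | seq) from class priors and the two likelihood models."""
        ln = log(1 - prior_intrusion) + self.normal.log_likelihood(seq, self.vocab_size)
        li = log(prior_intrusion) + self.intrusion.log_likelihood(seq, self.vocab_size)
        m = max(ln, li)  # log-sum-exp for numerical stability on long sequences
        return exp(li - m) / (exp(ln - m) + exp(li - m))

    def decide(self, seq, cost_fn=10.0, cost_fp=1.0, prior_intrusion=0.5):
        """Return (label, P(intrusion|seq), risk if labelled normal, risk if alarmed).

        cost_fn is the cost of a missed intrusion, cost_fp the cost of a false alarm.
        The label minimising expected risk is chosen; ties resolve to 'normal'.
        """
        p_i = self.posterior_intrusion(seq, prior_intrusion)
        risk_if_normal = cost_fn * p_i        # we say "normal" but it is an intrusion
        risk_if_alarm = cost_fp * (1 - p_i)   # we raise an alarm but it is normal
        label = "intrusion" if risk_if_alarm < risk_if_normal else "normal"
        return label, p_i, risk_if_normal, risk_if_alarm


if __name__ == "__main__":
    det = RiskSensitiveDetector(NORMAL_TRACES, INTRUSION_TRACES)
    borderline = ["open", "write", "close"]
    # Same posterior, different decisions once the cost of a miss dominates.
    print("equal costs :", det.decide(borderline, cost_fn=1.0, cost_fp=1.0))
    print("miss = 10x  :", det.decide(borderline, cost_fn=10.0, cost_fp=1.0))
    # A low intrusion base rate pulls the posterior down and restores the 'normal' label.
    print("1% base rate:", det.decide(borderline, cost_fn=10.0, prior_intrusion=0.01))
```

With these costs an alarm is raised whenever P(intrusion | seq) exceeds cost_fp / (cost_fp + cost_fn), i.e. 1/11 here rather than the 1/2 of a plain maximum-posterior classifier; the borderline trace above has posterior 1/3, so only the risk-sensitive rule flags it. The last call shows the other half of the trade-off: a realistic (low) intrusion prior shrinks the posterior enough that even a tenfold miss cost does not justify the alarm, which is why the priors and the cost matrix have to be set together.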

This paper is supported by Key Nature Science Foundation of Hubei Province under grant 2001ABA001.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, H., Sun, J., Chen, H., Han, Z. (2003). A Risk-Sensitive Intrusion Detection Model. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_8

Download citation

  • DOI: https://doi.org/10.1007/3-540-36552-4_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00716-6

  • Online ISBN: 978-3-540-36552-5

  • eBook Packages: Springer Book Archive
