Abstract
One of the greatest difficulties in anomaly detection is obtaining training data that contains no intrusions. In anomaly detection, training data should be collected from the target system itself. If that data already contains an intrusion, the trained intrusion detection system will treat the intrusion as normal behaviour and will not detect later occurrences of it. In this paper, we present a system-call-based anomaly detection method that detects intrusions effectively even when the training set contains intrusions. The scheme exploits the property that an intrusion hidden in the training data is likely to consist of a sequence of elements with low frequencies of occurrence. Simulation results show that, with training data containing intrusions, the proposed method has lower false positive rates and higher detection rates than the previous schemes. Moreover, on clean training data our method and the previous schemes show similar performance. The proposed method can be viewed as a way to increase the practicality of anomaly detection and to enhance the reliability of the security policy.
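The following Python example illustrates the property the abstract relies on; it is an added example, not code or data from the paper. It builds a stide-style normal database of fixed-length system-call windows from a training trace that contains one hidden attack sequence, once keeping every observed window (plain stide) and once discarding windows seen fewer than `min_count` times. The traces, the window size, the call names and the threshold are all constructed assumptions; the paper's actual data set, parameters and filtering rule are not reproduced here.

```python
"""Sliding-window system-call anomaly detection with a frequency filter.

Added illustration of the idea that an intrusion hidden in the training
trace tends to consist of rarely occurring windows. A detector that stores
every training window as "normal" learns the intrusion; one that drops
low-frequency windows before building its normal database does not.

All traces, the window size and the threshold are constructed for this
example and are assumptions, not the paper's data or parameters.
"""
from collections import Counter

WINDOW = 3  # assumption: a short window for readability; stide is often run with 6

# Constructed traces: a benign I/O loop and a hypothetical attack sequence.
NORMAL_LOOP = ["open", "read", "write", "close"]
ATTACK = ["open", "mmap", "execve", "exit"]


def make_trace(loops, attack_at=None):
    """Repeat the benign loop; optionally splice the attack in before loop `attack_at`."""
    trace = []
    for i in range(loops):
        if i == attack_at:
            trace.extend(ATTACK)
        trace.extend(NORMAL_LOOP)
    return trace


def windows(trace, k=WINDOW):
    """Yield every length-k contiguous window of the trace as a tuple."""
    return (tuple(trace[i:i + k]) for i in range(len(trace) - k + 1))


def build_normal_db(trace, k=WINDOW, min_count=1):
    """Return the set of windows seen at least `min_count` times in training.

    min_count=1 reproduces plain stide (every observed window is normal).
    A larger min_count drops rare windows, which is where a hidden
    intrusion in the training data is likely to sit.
    """
    counts = Counter(windows(trace, k))
    return {w for w, c in counts.items() if c >= min_count}


def mismatch_rate(trace, normal_db, k=WINDOW):
    """Fraction of the trace's windows that are absent from the normal database."""
    ws = list(windows(trace, k))
    if not ws:
        return 0.0
    misses = sum(1 for w in ws if w not in normal_db)
    return misses / len(ws)


def run_demo():
    """Train on a trace with one hidden attack; score a clean and an attacked test trace."""
    training = make_trace(50, attack_at=20)      # noisy training data
    test_clean = make_trace(10)
    test_attack = make_trace(5, attack_at=2)

    naive_db = build_normal_db(training, min_count=1)     # plain stide
    filtered_db = build_normal_db(training, min_count=2)  # rare windows dropped

    return {
        "naive_on_attack": mismatch_rate(test_attack, naive_db),
        "filtered_on_attack": mismatch_rate(test_attack, filtered_db),
        "naive_on_clean": mismatch_rate(test_clean, naive_db),
        "filtered_on_clean": mismatch_rate(test_clean, filtered_db),
    }


if __name__ == "__main__":
    for name, rate in run_demo().items():
        print(f"{name}: {rate:.3f}")
```

With the constructed traces, the plain database reports zero mismatches on the attacked test trace because it memorised the five attack-spanning windows during training, while the frequency-filtered database flags those same five windows; both report zero mismatches on the clean trace. The threshold is the parameter a practitioner must check on real data: set too high, it also discards legitimately rare normal behaviour and raises the false positive rate on clean traces, which is the trade-off the abstract's clean-data comparison is about.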
© 2004 Springer-Verlag Berlin Heidelberg
Park, Y., Lee, J., Cho, Y. (2004). Intrusion Detection Using Noisy Training Data. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_66
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4