Abstract
Intrusion detection systems (IDSs) have become a critical part of security systems. The goal of an IDS is to identify intrusions effectively and accurately. However, the performance of a misuse intrusion detection system (MIDS) or an anomaly intrusion detection system (AIDS) on its own is not satisfactory. In this paper, we study the problem of building a compound intrusion detection model that has the merits of both MIDS and AIDS. To build this compound model, we propose an improved Bayesian decision theorem. The improved theorem brings several benefits to the model: it removes the limitations of a narrow definition of intrusion patterns, extends known intrusion patterns to novel ones, reduces the risk that the act of detection itself imposes on the protected system, and provides a method for building a compound intrusion detection model that integrates MIDS with AIDS.
This paper is supported by Key Nature Science Foundation of Hubei Province under grant 2001ABA001
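The decision-theoretic idea the abstract builds on, namely choosing the action with minimum expected risk given the posterior probability of intrusion, is worked below as an added example. This is the textbook Bayes risk rule applied to the outputs of a misuse detector and an anomaly detector, not the paper's improved theorem and not code from the authors. The detector likelihood tables, the base-rate prior, the cost values, the conditional-independence (naive-Bayes) assumption, the sample events and all function names (`posterior_intrusion`, `expected_risk`, `alarm_threshold`, `decide`, `classify_events`) are constructed for illustration.

```python
"""Minimum-expected-risk decision for a compound (misuse + anomaly) detector.

Added example: a textbook Bayes decision rule, not the paper's improved
theorem. All detector characteristics, priors and costs are constructed
assumptions chosen to illustrate the base-rate and cost effects.
"""
from typing import Dict, List, Sequence, Tuple

# Constructed detector characteristics (assumptions, not measured values):
# output -> (P(output | intrusion), P(output | normal)).
MISUSE_LIKELIHOOD: Dict[str, Tuple[float, float]] = {
    "match": (0.60, 0.001),     # signature hit: very rare on benign events
    "no_match": (0.40, 0.999),  # signatures miss 40% of attacks (novel ones)
}
ANOMALY_LIKELIHOOD: Dict[str, Tuple[float, float]] = {
    "anomalous": (0.90, 0.05),  # profile deviation: sensitive but noisy
    "normal": (0.10, 0.95),
}


def posterior_intrusion(prior: float, misuse_out: str, anomaly_out: str) -> float:
    """P(intrusion | misuse_out, anomaly_out).

    Assumes the two detectors are conditionally independent given the true
    class (naive-Bayes combination). `prior` is the base rate of intrusions
    among audited events; at realistic base rates a single noisy detector
    yields a small posterior even when it fires (the base-rate fallacy).
    """
    p_m_i, p_m_n = MISUSE_LIKELIHOOD[misuse_out]
    p_a_i, p_a_n = ANOMALY_LIKELIHOOD[anomaly_out]
    joint_intrusion = prior * p_m_i * p_a_i
    joint_normal = (1.0 - prior) * p_m_n * p_a_n
    return joint_intrusion / (joint_intrusion + joint_normal)


def expected_risk(posterior: float, action: str, cost_fp: float, cost_fn: float) -> float:
    """Expected loss of an action given the posterior.

    Loss matrix (assumed): correct decisions cost 0, a false alarm costs
    cost_fp, a missed intrusion costs cost_fn.
    """
    if action == "alarm":
        return (1.0 - posterior) * cost_fp
    if action == "ignore":
        return posterior * cost_fn
    raise ValueError(f"unknown action {action!r}")


def alarm_threshold(cost_fp: float, cost_fn: float) -> float:
    """Posterior above which alarming has lower expected risk than ignoring:
    (1-p)*cost_fp < p*cost_fn  <=>  p > cost_fp / (cost_fp + cost_fn)."""
    return cost_fp / (cost_fp + cost_fn)


def decide(prior: float, misuse_out: str, anomaly_out: str,
           cost_fp: float, cost_fn: float) -> Tuple[str, float]:
    """Return (action, posterior) for one event under the minimum-risk rule."""
    p = posterior_intrusion(prior, misuse_out, anomaly_out)
    risk_alarm = expected_risk(p, "alarm", cost_fp, cost_fn)
    risk_ignore = expected_risk(p, "ignore", cost_fp, cost_fn)
    return ("alarm" if risk_alarm < risk_ignore else "ignore"), p


def classify_events(events: Sequence[Tuple[str, str]], prior: float,
                    cost_fp: float, cost_fn: float) -> List[str]:
    """Apply the decision rule to a batch of (misuse, anomaly) outputs."""
    return [decide(prior, m, a, cost_fp, cost_fn)[0] for m, a in events]


# Constructed audit events: (misuse detector output, anomaly detector output).
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("no_match", "normal"),     # benign-looking
    ("no_match", "anomalous"),  # novel behaviour, no signature
    ("match", "normal"),        # signature hit, behaviour within profile
    ("match", "anomalous"),     # both detectors agree
]

if __name__ == "__main__":
    prior = 0.001  # assumed base rate: one intrusion per thousand events
    for cost_fn in (50.0, 200.0):
        print(f"cost_fp=1 cost_fn={cost_fn:.0f} "
              f"threshold={alarm_threshold(1.0, cost_fn):.4f}")
        for m, a in SAMPLE_EVENTS:
            action, p = decide(prior, m, a, 1.0, cost_fn)
            print(f"  {m:9s} {a:9s} P(I|e)={p:.4f} -> {action}")
```

Two things the run makes visible: with a 0.1% base rate an anomaly-only hit gives a posterior under 1%, so it is ignored when a miss costs 50 false alarms but raised when a miss costs 200, which is the risk sensitivity the abstract refers to; and a signature match combined with the same anomaly score pushes the posterior above 0.9, which is the gain from combining both evidence sources rather than relying on either alone.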
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Sun, J., Jin, H., Chen, H., Zhang, Q., Han, Z. (2003). A Compound Intrusion Detection Model. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_34
DOI: https://doi.org/10.1007/978-3-540-39927-8_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20150-2
Online ISBN: 978-3-540-39927-8