Framework of an Immunity-Based Anomaly Detection System for User Behavior

  • Conference paper
Knowledge-Based Intelligent Information and Engineering Systems (KES 2007)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4694)

Abstract

This paper focuses on anomaly detection in user behavior. We present a review of our immunity-based anomaly detection system, and propose a framework of the immunity-based anomaly detection system with a new mechanism of diversity generation. In the framework, each computer on a LAN generates diverse agents, and the agents generated on each computer are shared with all other computers on the LAN. The sharing of agents contributes to their diversity. In addition, we propose an evaluation framework of immunity-based anomaly detection, which is capable of evaluating the differences in detection accuracy between internal and external malicious users.

Editor information

Bruno Apolloni, Robert J. Howlett, Lakhmi Jain

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Okamoto, T., Ishida, Y. (2007). Framework of an Immunity-Based Anomaly Detection System for User Behavior. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74829-8_100

  • DOI: https://doi.org/10.1007/978-3-540-74829-8_100

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74828-1

  • Online ISBN: 978-3-540-74829-8

  • eBook Packages: Computer Science, Computer Science (R0)
