Abstract
The growth of intelligent attacks has prompted the designers to envision the intrusion detection as a built-in process in operating systems. This paper investigates a novel anomaly-based intrusion detection mechanism which utilizes the manner of interactions between users and kernel processes. An adequate feature list has been prepared for distinction between normal and anomalous behavior. The method used is introducing a new component to Linux kernel as a wrapper module with necessary hook function to log initial data for preparing desired features list. SVM neural network was applied to classify and recognize input vectors. The sequence of delayed input vectors of features was appended to examine the effectiveness of the system call consecution. The evaluation method for the Intelligent Intrusion Detection system was simulation method and improvement in some metrics such as accuracy, training time and testing time in comparison with the other similar systems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Balcazar, J., Dai, Y., Watanabe, O.: A random sampling technique for training support vector machines for primal-form maximal-margin classifiers, algorithmic learning theory. In: Abe, N., Khardon, R., Zeugmann, T. (eds.) ALT 2001. LNCS, vol. 2225, p. 119. Springer, Heidelberg (2001)
Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: On the capability of an SOM based intrusion detection system, vol. 3, pp. 1808–1813. IEEE, Los Alamitos (2003)
Chavan, S., Shah, K., Dave, N., Mukherjee, S.: Adaptive Neuro-Fuzzy Intrusion Detection Systems. In: Proceedings of the International Conference on Information Technology. IEEE, Los Alamitos (2004)
Cortes, C., Vapnik, V.: Support-vector networks. Machine Learning 20(3), 273–297 (1995)
Cunningham, R., Lippmann, R.: Improving Intrusion Detection performance using Keyword selection and Neural Networks. MIT Lincoln Laboratory (2002)
Dumais, S., Platt, J., Heckerman, D., Sahami, M.: Inductive learning algorithms and representations for text categorization. In: Proceedings of the Seventh International Conference on Machine Learning. ACM Press, New York (1998)
Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy. IEEE Computer Society Press, Los Alamitos (1996)
Joachims, T.: Text categorization with support vector machines: learning with many relevant features. In: Nédellec, C., Rouveirol, C. (eds.) ECML 1998. LNCS, vol. 1398, pp. 137–142. Springer, Heidelberg (1998)
LeCun, Y., Jackel, L.D., Bottou, L., Brunot, A., Cortes, C., Denker, J.S., Drucker, H., Guyon, I., Muller, U.A., Sackinger, E., Simard, P., Vapnik, V.: Comparison of learnin algorithms for handwritten digit recognition. In: Fogelman, F., Gallinari, P. (eds.) International Conference on Artificial Neural Networks, Paris, EC2 & Cie, pp. 53–60 (1995)
Liu, C., Nakashima, K., Sako, H., Fujisawa, H.: Handwritten digit recognition using state-of-the-art techniques. In: FHR 2002, pp. 320–325 (2002)
Marin, J., Ragsdale, D., Surdu, J.: A Hybrid Approach to the Profile Creation and Intrusion Detection. In: Proceedings of the DARPA Information Survivability Conference and Exposition – DISCEX 2001 (June 2001)
Pavel, P., Laskov, C., Schäfer, Kotenko, I.: Visualization of anomaly detection using prediction sensitivity. In: Proc. DIMVA, pp. 71–82 (2004)
Shih, L., Rennie, Y.D.M., Chang, Y., Karger, D.R.: Text bundling: statistics-based data reduction. In: Proceedings of the 20th International Conference on Machine Learning (ICML), Washington, DC, pp. 696–703 (2003)
Tanenbaum, A.S.: Modern Operating Systems. Prentice Hall, Englewood Cliffs (1992)
Tufis, D., Popescu, C., Rosu, R.: Automatic classification of documents by random sampling. Proc. Romanian Acad., Ser. 1(2), 117–127 (2000)
Upadhyaya, S., Chinchani, R., Kwiat, K.: An analytical framework for reasoning about intrusions. In: Proceedings of the IEEE Symposium on Reliable Distributed Systems, New Orleans, LA, pp. 99–108 (2001)
Vasudevan, S.: Immune Based Event-incident Model For Intrusion Detection Systems: A Nature Inspired Approach To Secure Computing, M.S, Thesis, Kent State University, USA (2007)
Wang, K., Stolfo, S.J.: One class training for masquerade detection. In: Proceedings of the 3rd IEEE Conference, Data Mining Workshop on Data Mining for Computer Security, Florida (2003)
Wei, Ch., Chang, Ch., Lin, J.Ch.: A Practical Guide to Support Vector Classification (July 2007)
Yu, H., Yang, J., Han, J.: Classifying large data sets using SVM with hierarchical clusters. In: Proceedings of the SIGKDD 2003, Washington, DC, pp. 306–315 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Almassian, N., Azmi, R., Berenji, S. (2009). AIDSLK: An Anomaly Based Intrusion Detection System in Linux Kernel. In: Prasad, S.K., Routray, S., Khurana, R., Sahni, S. (eds) Information Systems, Technology and Management. ICISTM 2009. Communications in Computer and Information Science, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00405-6_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-00405-6_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00404-9
Online ISBN: 978-3-642-00405-6
eBook Packages: Computer ScienceComputer Science (R0)