Behavior analysis-based learning framework for host level intrusion detection

Qiao Haiyan, Peng Jianfeng, Feng Chuan, Jerzy W. Rozenblit

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

9 Scopus citations

Abstract

Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts: anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change in system behavior caused by an intrusion to determine whether an attack succeeded, thereby lowering the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called the behavior set, so that the host behavior can be described more accurately and completely.

Original language: English (US)
Title of host publication: Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Subtitle of host publication: Raising Expectations of Computer-Based Systems
Pages: 441-447
Number of pages: 7
DOIs
State: Published - 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 - Mar 29 2007

Publication series

Name: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems

Other

Other: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Country/Territory: United States
City: Tucson, AZ
Period: 3/26/07 - 3/29/07

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
