A Hybrid Command Sequence Model for Anomaly Detection.

Authors: Carbonell, Jaime G., Siekmann, Jörg, Zhi-Hua Zhou, Hang Li, Qiang Yang, Zhou Jian, Shirai, Haruhiko, Takahashi, Isamu, Kuroiwa, Jousuke, Odaka, Tomohiro, Ogura, Hisakazu
Source: Advances in Knowledge Discovery & Data Mining; 2007, p108-118, 11p
Abstract: A new anomaly detection method based on models of user behavior at the command level is proposed as an intrusion detection technique. The hybrid command sequence (HCS) model is trained from historical session data by a genetic algorithm, and then it is used as the criterion in verifying observed behavior. The proposed model considers the occurrence of multiple command sequence fragments in a single session, so that it could recognize non-sequential patterns. Experiment results demonstrate an anomaly detection rate of higher than 90%, comparable to other statistical methods and 10% higher than the original command sequence model. [ABSTRACT FROM AUTHOR]
Database: Supplemental Index