Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3578)
Abstract
Anomaly detection is an essential component of the protection mechanism against novel attacks. Traditional methods need a very large volume of clean (purely normal) training data, which is expensive to label manually. A new method for anomaly intrusion detection is proposed, based on supervised clustering and a Markov chain model, which is designed to train from a small set of normal data. After short system call sequences are clustered, a Markov chain is used to learn the relationships among these clusters and to classify behavior as normal or abnormal. The observed behavior of the system is analyzed to infer the probability that the Markov chain of the norm profile supports the observed behavior. Markov information source entropy and conditional entropy are used to select parameters. The experiments have shown that the method is effective at detecting anomalous behaviors, and enjoys better generalization ability when only a small training dataset is used.
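As an added illustration (not the paper's own code), assuming an upstream clustering step has already mapped short system-call windows to cluster ids, the following Python sketch learns the first-order Markov chain over those ids from a few constructed normal traces, scores an observed trace by the mean per-transition log-probability the norm profile assigns it, computes the Markov source (conditional) entropy of the learned chain, and flags a trace whose score falls below a threshold derived from the training traces. The add-alpha smoothing, the probability floor for unseen ids and the threshold rule are assumptions, not the paper's parameter-selection method.

```python
from collections import defaultdict
from math import log2

# Constructed training data (not from the paper): each trace is the sequence of
# cluster ids an upstream clustering step assigned to short system-call windows.
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "read", "close"],
    ["open", "write", "close"],
]

def train_markov(traces, alpha=1.0):
    """First-order transition probabilities between cluster ids, add-alpha smoothed."""
    states = sorted({s for t in traces for s in t})
    counts = defaultdict(lambda: defaultdict(float))
    for t in traces:
        for a, b in zip(t, t[1:]):
            counts[a][b] += 1
    probs = {}
    for a in states:
        total = sum(counts[a].values()) + alpha * len(states)
        probs[a] = {b: (counts[a][b] + alpha) / total for b in states}
    return states, probs

def score(probs, trace, floor=1e-6):
    """Mean log2 transition probability the norm profile assigns to the trace (floor for unseen ids)."""
    lps = [log2(probs.get(a, {}).get(b, floor)) for a, b in zip(trace, trace[1:])]
    return sum(lps) / len(lps) if lps else 0.0

def entropy_rate(states, probs, iters=200):
    """Markov source entropy H = sum_a pi(a) H(P(.|a)); stationary pi by power iteration."""
    pi = {s: 1.0 / len(states) for s in states}
    for _ in range(iters):
        pi = {b: sum(pi[a] * probs[a][b] for a in states) for b in states}
    return -sum(pi[a] * probs[a][b] * log2(probs[a][b]) for a in states for b in states)

def threshold(probs, traces, margin=0.5):
    """Assumed decision rule: lowest score of any normal training trace, minus a margin."""
    return min(score(probs, t) for t in traces) - margin

def is_anomalous(probs, trace, thr):
    return score(probs, trace) < thr

if __name__ == "__main__":
    states, probs = train_markov(NORMAL_TRACES)
    thr = threshold(probs, NORMAL_TRACES)
    print(f"entropy rate {entropy_rate(states, probs):.3f} bits, threshold {thr:.3f}")
    for t in (["open", "read", "read", "close"], ["open", "exec", "read"]):
        print(t, "anomalous" if is_anomalous(probs, t, thr) else "normal")
```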
Author information
Authors and Affiliations
College of Computer Science & Technology, Harbin Engineering University, Harbin, 150001, P.R. China
Qingbo Yin, Liran Shen, Rubo Zhang & Xueyao Li
Editor information
Editors and Affiliations
School of Information Technology and Electrical Engineering, University of Queensland, 4072, Australia
Marcus Gallagher
POB 30031, Pensacola, FL 32503-1031
James P. Hogan
Faculty of Information Technology, Queensland University of Technology, Box 2434, Q 4001, Brisbane, Australia
Frederic Maire
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yin, Q., Shen, L., Zhang, R., Li, X. (2005). A Novel Anomaly Detection Using Small Training Sets. In: Gallagher, M., Hogan, J.P., Maire, F. (eds) Intelligent Data Engineering and Automated Learning - IDEAL 2005. IDEAL 2005. Lecture Notes in Computer Science, vol 3578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11508069_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26972-4
Online ISBN: 978-3-540-31693-0