A program anomaly intrusion detection scheme based on fuzzy inference

A major problem of existing anomaly intrusion detection approaches is that they tend to produce excessive false alarms. One reason for this is that the normal and abnormal behaviour of a monitored object can overlap or be very close to each other, which makes it difficult to define a clear bounda...

Bibliographic Details
Main Author: Dau, Xuan Hoang
Format: Article
Language: English
Published: VNU 2014
Subjects:
Online Access: http://repository.vnu.edu.vn/handle/11126/4678
Institution: Vietnam National University, Hanoi
id oai:112.137.131.14:11126-4678
record_format dspace
spelling oai:112.137.131.14:11126-4678 2017-10-27T01:42:21Z 2014-03-20T02:07:52Z 2015-08-26T09:27:44Z 2008 Article p. 71-81 http://repository.vnu.edu.vn/handle/11126/4678 en application/pdf VNU
institution Vietnam National University, Hanoi
building VNU Library & Information Center
country Vietnam
collection VNU Digital Repository
language English
topic Anomaly intrusion detection
Fuzzy logic
Hidden Markov model
Program-based anomaly intrusion detection
description A major problem of existing anomaly intrusion detection approaches is that they tend to produce excessive false alarms. One reason for this is that the normal and abnormal behaviour of a monitored object can overlap or be very close to each other, which makes it difficult to define a clear boundary between the two. In this paper, we present a fuzzy-based scheme for program anomaly intrusion detection using system calls. Instead of using crisp conditions, or fixed thresholds, fuzzy sets are used to represent the parameter space of the program sequences of system calls. In addition, fuzzy rules are used to combine multiple parameters of each sequence, using fuzzy reasoning, in order to determine the sequence status. Experimental results showed that the proposed fuzzy-based detection scheme reduced false positive alarms by 48%, compared to the normal database scheme.
format Article
author Dau, Xuan Hoang
title A program anomaly intrusion detection scheme based on fuzzy inference
publisher VNU
publishDate 2014
url http://repository.vnu.edu.vn/handle/11126/4678