Academic Journal
Using Text Categorization Techniques for Intrusion Detection
| العنوان: | Using Text Categorization Techniques for Intrusion Detection |
|---|---|
| المؤلفون: | Yihua Liao, V. Rao Vemuri |
| المساهمون: | The Pennsylvania State University CiteSeerX Archives |
| المصدر: | http://seclab.cs.ucdavis.edu/papers/Liao-Vemuri.pdf. |
| سنة النشر: | 2002 |
| المجموعة: | CiteSeerX |
| الوصف: | A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Short sequences of system calls have been used by others to characterize a program's normal behavior before. However, separate databases of short system call sequences have to be built for different programs, and learning program profiles involves time-consuming training and testing processes. With the kNN classifier, the frequencies of system calls are used to describe the program behavior. Text categorization techniques are adopted to convert each process to a vector and calculate the similarity between two program activities. Since there is no need to learn individual program profiles separately, the calculation involved is largely reduced. Preliminary experiments with 1998 DARPA BSM audit data show that the kNN classifier can effectively detect intrusive attacks and achieve a low false positive rate. |
| نوع الوثيقة: | text |
| وصف الملف: | application/pdf |
| اللغة: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.8445; http://seclab.cs.ucdavis.edu/papers/Liao-Vemuri.pdf |
| الاتاحة: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.8445 http://seclab.cs.ucdavis.edu/papers/Liao-Vemuri.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| رقم الانضمام: | edsbas.138BC8F7 |
| قاعدة البيانات: | BASE |
| الوصف غير متاح. |