Behavior analysis-based learning framework for host level intrusion detection

Qiao Haiyan, Peng Jianfeng, Feng Chuan, Jerzy W. Rozenblit

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts, anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded and therefore lower the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called behavior set, so that the host behavior can be described more accurately and completely.

Original language: English (US)
Title of host publication: Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Subtitle of host publication: Raising Expectations of Computer-Based Systems
Pages: 441-447
Number of pages: 7
State: Published - Jun 18 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 to Mar 29 2007

Publication series

Name: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems

Other

Other: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Country: United States
City: Tucson, AZ
Period: 3/26/07 to 3/29/07

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

Haiyan, Q., Jianfeng, P., Chuan, F., & Rozenblit, J. W. (2007). Behavior analysis-based learning framework for host level intrusion detection. In Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007: Raising Expectations of Computer-Based Systems (pp. 441-447). [4148961] (Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems). https://doi.org/10.1109/ECBS.2007.23