Behavior analysis-based learning framework for host level intrusion detection

Qiao Haiyan, Peng Jianfeng, Feng Chuan, Jerzy W Rozenblit

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

8 Citations (Scopus)

Abstract

Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts: anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded, and thereby lowers the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called a behavior set, so that the host behavior can be described more accurately and completely.
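The abstract describes the two modules but not their algorithms, so the following is an added illustration and not code from the paper. It models a host's behavior set as a vector of per-window factors, clusters unlabeled baseline windows with k-means to flag anomalies, and then verifies an alert by learning a single threshold rule over the change in the behavior set (before versus after the alert) that separates attacks that took hold from ones that did not. The factor names, the baseline windows, the labelled deltas and the OneR-style rule learner are all assumptions made for this example.

```python
"""Added example, not code from the paper: a host 'behavior set' anomaly detector
plus a rule-learning alert verifier, in the spirit of the two-module framework the
abstract describes. Factor names, baseline windows, labelled deltas and the
OneR-style threshold learner are all assumptions made for this illustration."""
import math
from typing import List, Sequence, Tuple

# Hypothetical behavior-set factors, one value per observation window on the host.
FACTORS = ("proc_spawn_rate", "failed_logins", "outbound_conns", "new_listen_ports")
Vec = Tuple[float, ...]
Rule = Tuple[int, str, float]  # (factor index, direction, threshold)


def _dist(a: Vec, b: Vec) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _mean(points: Sequence[Vec]) -> Vec:
    return tuple(sum(p[i] for p in points) / len(points) for i in range(len(points[0])))


def kmeans(points: Sequence[Vec], k: int, iters: int = 50) -> List[Vec]:
    """Plain k-means with deterministic farthest-point seeding (no RNG, reproducible)."""
    origin = (0.0,) * len(points[0])
    cents = [min(points, key=lambda p: _dist(p, origin))]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(_dist(p, c) for c in cents)))
    for _ in range(iters):
        groups: List[List[Vec]] = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda j: _dist(p, cents[j]))].append(p)
        new = [_mean(g) if g else c for g, c in zip(groups, cents)]
        if new == cents:  # converged: assignments no longer move the centroids
            break
        cents = new
    return cents


class AnomalyDetector:
    """Unsupervised module: clusters unlabeled baseline windows, then flags any window
    that falls outside the slack-padded radius of its nearest cluster."""

    def __init__(self, baseline: Sequence[Vec], k: int = 2, slack: float = 1.5):
        self.centroids = kmeans(baseline, k)
        self.radii: List[float] = []
        for j, c in enumerate(self.centroids):
            members = [p for p in baseline if self.nearest(p) == j]
            # floor of 1.0 keeps a tight (or empty) cluster from yielding a zero radius
            far = max((_dist(p, c) for p in members), default=0.0)
            self.radii.append(max(slack * far, 1.0))

    def nearest(self, window: Vec) -> int:
        return min(range(len(self.centroids)), key=lambda j: _dist(window, self.centroids[j]))

    def is_anomalous(self, window: Vec) -> bool:
        j = self.nearest(window)
        return _dist(window, self.centroids[j]) > self.radii[j]


def behavior_delta(before: Vec, after: Vec) -> Vec:
    """Change of the behavior set across an alert: what the intrusion did to the host."""
    return tuple(a - b for b, a in zip(before, after))


def apply_rule(rule: Rule, delta: Vec) -> bool:
    i, direction, t = rule
    return delta[i] > t if direction == ">" else delta[i] <= t


def learn_rule(examples: Sequence[Tuple[Vec, bool]]) -> Rule:
    """OneR-style learner (an assumption, not the paper's method): pick the single
    factor, direction and midpoint threshold on the delta that misclassifies the
    fewest labelled (delta, attack_succeeded) examples."""
    best: Rule = (0, ">", 0.0)
    best_err = len(examples) + 1
    for i in range(len(examples[0][0])):
        vals = sorted({d[i] for d, _ in examples})
        for lo, hi in zip(vals, vals[1:]):
            for direction in (">", "<="):
                cand = (i, direction, (lo + hi) / 2)
                err = sum(apply_rule(cand, d) != ok for d, ok in examples)
                if err < best_err:
                    best, best_err = cand, err
    return best


class AlertVerifier:
    """Second module: decides whether an alerted attack actually changed the host."""

    def __init__(self, examples: Sequence[Tuple[Vec, bool]]):
        self.rule = learn_rule(examples)

    def attack_succeeded(self, before: Vec, after: Vec) -> bool:
        return apply_rule(self.rule, behavior_delta(before, after))


# Constructed baseline: eight normal one-minute windows, an idle mode and a busy mode.
BASELINE: List[Vec] = [
    (2, 0, 3, 0), (3, 0, 2, 0), (2, 1, 4, 0), (3, 0, 3, 0),
    (10, 0, 15, 0), (12, 1, 14, 0), (11, 0, 16, 0), (9, 0, 13, 0),
]
# Constructed labelled deltas from past alerts: did the attack take hold or not?
VERIFY_EXAMPLES: List[Tuple[Vec, bool]] = [
    ((3, 0, 18, 1), True), ((1, 0, 9, 1), True), ((6, 0, 25, 2), True),
    ((4, 30, 0, 0), False), ((0, 12, 1, 0), False), ((8, 0, 10, 0), False),
]


def run_demo() -> dict:
    det = AnomalyDetector(BASELINE)
    ver = AlertVerifier(VERIFY_EXAMPLES)
    idle = (3, 0, 3, 0)
    return {
        "busy_window_anomalous": det.is_anomalous((11, 0, 15, 0)),      # normal busy mode
        "flood_is_anomalous": det.is_anomalous((40, 12, 3, 1)),         # far from any cluster
        "rule": ver.rule,                                               # learned: new_listen_ports > 0.5
        "backdoor_verified": ver.attack_succeeded(idle, (5, 0, 20, 1)),  # a port appeared
        "failed_bruteforce_verified": ver.attack_succeeded(idle, (4, 40, 3, 0)),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point of the second module is visible in the last two results: both windows would be flagged by the anomaly detector, but only the one whose behavior set changed in a way the learned rule associates with a successful intrusion (here, a new listening port) is confirmed as an attack worth escalating. Real deployments would learn from many more factors and labelled alerts than this constructed set, and would re-fit the baseline clusters as the host's workload drifts.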

Original language: English (US)
Title of host publication: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems
Pages: 441-447
Number of pages: 7
DOIs: 10.1109/ECBS.2007.23
State: Published - 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 - Mar 29 2007

Other

Other: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Country: United States
City: Tucson, AZ
Period: 3/26/07 - 3/29/07

Fingerprint

Intrusion detection
Clustering algorithms
Learning systems

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

Haiyan, Q., Jianfeng, P., Chuan, F., & Rozenblit, J. W. (2007). Behavior analysis-based learning framework for host level intrusion detection. In Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems (pp. 441-447). [4148961] https://doi.org/10.1109/ECBS.2007.23

@inproceedings{ec5664470ad748d0bcbe309b3aaa6e08,
title = "Behavior analysis-based learning framework for host level intrusion detection",
abstract = "Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts: anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded, and thereby lowers the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called a behavior set, so that the host behavior can be described more accurately and completely.",
author = "Qiao Haiyan and Peng Jianfeng and Feng Chuan and Rozenblit, {Jerzy W}",
year = "2007",
doi = "10.1109/ECBS.2007.23",
language = "English (US)",
isbn = "0769527728",
pages = "441--447",
booktitle = "Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems",

}

TY - GEN

T1 - Behavior analysis-based learning framework for host level intrusion detection

AU - Haiyan, Qiao

AU - Jianfeng, Peng

AU - Chuan, Feng

AU - Rozenblit, Jerzy W

PY - 2007

Y1 - 2007

AB - Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts: anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded, and thereby lowers the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called a behavior set, so that the host behavior can be described more accurately and completely.

UR - http://www.scopus.com/inward/record.url?scp=34250160945&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34250160945&partnerID=8YFLogxK

U2 - 10.1109/ECBS.2007.23

DO - 10.1109/ECBS.2007.23

M3 - Conference contribution

AN - SCOPUS:34250160945

SN - 0769527728

SN - 9780769527727

SP - 441

EP - 447

BT - Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems

ER -