Title: ROUGH SET THEORY’S APPLICATION ON INTRUSION DETECTION BASED ON SYSTEM CALLS
DOI No: 10.1142/9789812701534_0019
Source: PROCEEDINGS OF THE 11TH JOINT INTERNATIONAL COMPUTER CONFERENCE - JICC 2005 (pp 83-86)
Author(s): Lijun WANG
School of Computer Science and Engineering, Anshan Technology and Science University, Liaoning, 114044, China

Chao GAO
School of Computer Science and Engineering, Anshan Technology and Science University, Liaoning, 114044, China

Abstract: System call sequences have become one of the important data sources for host-based intrusion detection systems. Using system call analysis to judge intrusions offers merits such as high accuracy, low false fault and good stability. This paper puts forward a highly efficient, low-load anomaly detection method aimed at sequences. The method is based on rough sets and can extract detection rules of minimum size to form a normal behavior model from the record of sequences generated during the normal execution of a process. Compared with other methods, the merits of using rough set theory to create the normal model are as follows: the training data is simple to obtain; the small rule set is suitable for real-time detection; and a process's abnormal running state can be detected effectively. Experimental results show that the efficiency of the method in this paper is obviously higher than that of other methods.
Keywords: intrusion detection; rough set theory; system call sequences; attribute reduction

Copyright © 2008 World Scientific Publishing Co. All rights reserved.