Sekeh, Mohammad Akbarpour and Maarof, Mohd. Aizani (2009) Fuzzy intrusion detection system via data mining technique with sequences of system calls. In: The 5th International Conference on Information Assurance and Security, 2009, Xi'an Tangcheng Hotel, Xian, China.
Full text not available from this repository.
Official URL: http://dms.library.utm.my:8080/vital/access/manage...
Abstract
There are two main approaches for implementing IDS; host based and network based. While the former is implemented in the form of software deployed on a host, the latter, usually is built as a hardware product with its own hardware platform (IDS appliance). In this paper, a host based intrusion detection system, that uses the idea of tracing system calls, is introduced. As a program runs, it uses the services of the underlying operating system to do some system calls. This system does not exactly need to know the program codes of each process. Normal and intrusive behaviors are collected with gathering the sequences of system calls for each process. Analysis of data is done via data mining and fuzzy techniques. Data mining is used to extract the normal behavior. The proposed system is shown to improve the performance, and decrease size of database, time complexity, and the rate of false alarms.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Uncontrolled Keywords: | buffer overflow, sunsendmailcp |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Computer Science and Information System |
ID Code: | 15221 |
Deposited By: | Narimah Nawil |
Deposited On: | 22 Sep 2011 09:51 |
Last Modified: | 30 Aug 2020 08:46 |
Repository Staff Only: item control page