Article type: Research Article
Authors: Serpen, Gursel* | Aghaei, Ehsan
Affiliations: Electrical Engineering and Computer Science, University of Toledo, Toledo, OH 43606, USA
Correspondence: [*] Corresponding author: G. Serpen, Electrical Engineering and Computer Science, University of Toledo, Toledo, OH 43606, USA. E-mail: gursel.serpen@utoledo.edu.
Abstract: This paper presents the design and performance evaluation of a host-based misuse intrusion detection system for the Linux operating system. The proposed system employs a feature extraction technique based on principal component analysis of operating system call trace data, called Eigentraces, together with the k-nearest neighbor algorithm for classification. The design is evaluated on the ADFA-LD dataset, which comprises one normal and six attack classes. Feature vectors are formed from fixed-size system call trace raw data through windowing and principal component analysis, and serve as templates for the training phase. Classification of system call trace data, represented as feature vectors produced by the Eigentraces procedure, is performed with the k-nearest-neighbor algorithm. Two variants of the misuse intrusion detection system design were evaluated through a simulation study on the ADFA-LD dataset: the first considered only two classes, normal and attack, while the second considered seven classes, one normal and six attack classes. In both cases the proposed design demonstrated very high performance. Overall, the misuse intrusion detection system was able to detect the attacks and predict their type.
Keywords: Host based intrusion detection, misuse detection, principal component analysis, k nearest neighbor classifier, operating system call trace, Linux operating system
DOI: 10.3233/IDA-173493
Journal: Intelligent Data Analysis, vol. 22, no. 5, pp. 1101-1114, 2018
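The Eigentraces pipeline the abstract describes (fixed-size windowing of a system call trace, PCA over the windows to obtain templates, then k-nearest-neighbor voting), as an added illustration that is not the authors' code: the traces, syscall numbers, window size and class labels are constructed assumptions, and the PCA is a small power-iteration routine rather than a library call.

```python
import math
from collections import Counter

# Constructed training traces of system call numbers; values and labels are
# illustrative assumptions, not ADFA-LD data.
TRAINING_TRACES = {"normal": [[3, 4, 5, 6] * 4], "attack": [[11, 12, 13, 14] * 3]}

def windows(trace, w):  # every fixed-size window of length w (stride 1)
    return [trace[i:i + w] for i in range(len(trace) - w + 1)]

def top_eigenvector(cov, iters=300):
    """Power iteration: dominant eigenvalue and unit eigenvector of symmetric cov."""
    v, norm = [1.0 - 0.1 * i for i in range(len(cov))], 1.0
    for _ in range(iters):
        nv = [sum(a * b for a, b in zip(row, v)) for row in cov]
        norm = math.sqrt(sum(x * x for x in nv)) or 1.0
        v = [x / norm for x in nv]
    return norm, v  # at convergence |cov v| equals the eigenvalue

def eigentraces(vectors, k):
    """PCA over windowed traces: the mean plus the top-k principal components."""
    n, d = len(vectors), len(vectors[0])
    mean = [sum(v[i] for v in vectors) / n for i in range(d)]
    cen = [[v[i] - mean[i] for i in range(d)] for v in vectors]
    cov = [[sum(c[i] * c[j] for c in cen) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        lam, vec = top_eigenvector(cov)
        comps.append(vec)
        cov = [[cov[i][j] - lam * vec[i] * vec[j] for j in range(d)] for i in range(d)]  # deflate
    return mean, comps

def project(mean, comps, v):  # coordinates of a window in Eigentraces space
    c = [v[i] - mean[i] for i in range(len(v))]
    return [sum(a * b for a, b in zip(comp, c)) for comp in comps]

def train(traces, w=4, k=2):
    """Build templates: (mean, components, [(projected window, label), ...])."""
    wins = [(x, lbl) for lbl, ts in traces.items() for t in ts for x in windows(t, w)]
    mean, comps = eigentraces([x for x, _ in wins], k)
    return mean, comps, [(project(mean, comps, x), lbl) for x, lbl in wins]

def classify(model, trace, w=4, knn=3):
    """Label each window by a k-NN vote over templates, then the trace by majority."""
    mean, comps, templates = model
    votes = Counter()
    for x in windows(trace, w):
        p = project(mean, comps, x)
        nearest = sorted((math.dist(p, tp), lbl) for tp, lbl in templates)[:knn]
        votes[Counter(lbl for _, lbl in nearest).most_common(1)[0][0]] += 1
    return votes.most_common(1)[0][0]
```

A trace whose windows land near the normal templates in Eigentraces space is labelled normal even when a single syscall differs, while a trace drawn from the attack pattern is labelled attack.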