Intrusion Detection Using Graph Support: A Hybrid Approach of Supervised and Unsupervised Techniques

At present it is almost impossible to detect zero day attack with help of supervised anomaly detection methods. Unsupervised techniques also have the drawback of low detection rate in spite of detection of zero day attacks. Using combination of both unsupervised and supervised methods, promising detection results can be produced. In this paper we present a new sequence based graph support technique which is suitable for both supervised and unsupervised anomaly detection. Based on the system call interception technique, we present a intrusion detection system using Graph Support. This system intercepts every system call invoked by application programs and design graph to calculate the support. Once there are evidences showing certain deviation (graph support is less than threshold) is happening, the system can terminate the malicious process before it hurts the system. With help of graph support we could detect the malicious attack in the system.