Intrusion Detection using Text Processing Techniques with a Binary-Weighted Cosine Metric

Authors

  • Sanjay Rawat
  • V. P. Gulati
  • Arun K. Pujari
  • V. Rao Vemuri
Abstract

This paper introduces a new similarity measure, termed the Binary Weighted Cosine (BWC) metric, for anomaly-based intrusion detection schemes that rely on sequences of system calls. The new similarity measure considers both the number of system calls shared between two processes and the frequencies of those calls. The k nearest neighbor (kNN) classifier is used to categorize a process as either normal or abnormal. The proposed BWC metric significantly enhances the capabilities of a simple kNN classifier, especially in the context of intrusion detection. The experimental results obtained from the 1998 DARPA data are very promising and show that the proposed scheme results in a high detection rate and a low false positive rate.

Similar resources

Real-Time Traffic Classification Based on Cosine Similarity Using Sub-application Vectors

Internet traffic classification has a critical role in network monitoring, quality of service, intrusion detection, network security and trend analysis. The conventional port-based method is ineffective due to dynamic port usage and masquerading techniques. Besides, the payload-based method suffers from heavy load and encryption. Due to these facts, machine learning based statistical approaches have...

Efficient Privacy-Preserving General Edit Distance and Beyond

Edit distance is an important non-linear metric that has many applications ranging from matching patient genomes to text-based intrusion detection. Depending on the application, related string-comparison metrics, such as weighted edit distance, Needleman-Wunsch distance, longest common subsequences, and heaviest common subsequences, can usually fit better than the basic edit distance. When these ...

Arabic News Articles Classification Using Vectorized-Cosine Based on Seed Documents

Besides its own merits, text classification (TC) has become a cornerstone in many applications. Work presented here is part of and a pre-requisite for a project we have undertaken to create a corpus for the Arabic text process. It is an attempt to create modules automatically that would help speed up the process of classification for any text categorization task. It also serves as a tool for...

Intrusion detection using text processing techniques with a kernel based similarity measure

This paper focuses on intrusion detection based on system call sequences using text processing techniques. It introduces a kernel-based similarity measure for the detection of host-based intrusions. The k-nearest neighbour (kNN) classifier is used to classify a process as either normal or abnormal. The proposed technique is evaluated on the DARPA-1998 database and its performance is compared with...

Quad-pixel edge detection using neural network

One of the most fundamental features of digital image and the basic steps in image processing, analysis, pattern recognition and computer vision is the edge of an image where the preciseness and reliability of its results will affect directly on the comprehension machine system made objective world. Several edge detectors have been developed in the past decades, although no single edge detector...

Publication date: 2006