A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Authors

  • Xuan Dau Hoang
  • Jiankun Hu
  • Peter Bertók
Abstract

In this paper, a hybrid anomaly intrusion detection scheme using program system calls is proposed. In this scheme, a hidden Markov model (HMM) detection engine and a normal database detection engine have been combined to utilise their respective advantages. A fuzzy-based inference mechanism is used to infer a soft boundary between anomalous and normal behaviour, which is otherwise very difficult to determine when they overlap or are very close. To address the challenging issue of high cost in HMM training, an incremental HMM training with optimal initialization of HMM parameters is suggested. Experimental results show that the proposed fuzzy-based detection scheme can reduce false positive alarms by 48%, compared to the single normal database detection scheme. Our HMM incremental training with the optimal initialization produced a significant improvement in terms of training time and storage as well. The HMM training time was reduced by four times and the memory requirement was also reduced significantly. © 2009 Elsevier Ltd. All rights reserved.

Similar resources

Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...

A Novel Soft Computing Inference Engine Model for Intrusion Detection

The main purpose of this paper is to propose a novel soft computing inference engine model for intrusion detection. Our approach is anomaly based and utilizes causal knowledge inference based fuzzy cognitive maps (FCM) and multiple self organizing maps (SOM). A set of parallel neural network classifiers (SOM) are used to do an initial recognition of the network traffic flow to detect abnormal b...

A Neuro Fuzzy Based Intrusion Detection System for a Cloud Data Center Using Adaptive Learning

With its continuous improvements, the cloud computing system leaves an open door for malicious activities. This promotes the significance of constructing a malware action detection component to discover the anomalies in the virtual environment. Besides, the traditional intrusion detection system does not suit for the cloud environment. So, the proposed scheme develops an anomaly detection syste...

An Adaptive Hybrid Multi-level Intelligent Intrusion Detection System for Network Security

Intrusion Detection System (IDS) plays a vital factor in providing security to the networks through detecting malicious activities. Due to the extensive advancements in the computer networking, IDS has become an active area of research to determine various types of attacks in the networks. A large number of intrusion detection approaches are available in the literature using several traditional...

Adaptive Anomaly-Based Intrusion Detection System Using Fuzzy Controller

The major work of intrusion detection systems is used to detect the anomaly and new attackers in the networks, even still various false alarms are caused in order to neglect this necessary feature. Existing system present an anomaly-based intrusion detection system to improve the system performance. Fuzzy rule-based modeling and fuzzy controller are used to create a detection model in the train...

Journal title:
  • J. Network and Computer Applications

Volume 32  Issue 

Pages  -

Publication date 2009