Time -variant normal profiling for anomaly detection systems
Anomaly detection supports discovery of suspicious activities in a computer system by creating a normal profile of a system's behavior, then raising an alert when the system's behavior does not fit its normal profile. Unfortunately, the knowledge of what constitutes "normal" beha...
Saved in:
| Main Author: | |
|---|---|
| Format: | Dissertation |
| Language: | English |
| Published: |
ProQuest Dissertations & Theses
01.01.2008
|
| Subjects: | |
| ISBN: | 9780549744009, 0549744002 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Anomaly detection supports discovery of suspicious activities in a computer system by creating a normal profile of a system's behavior, then raising an alert when the system's behavior does not fit its normal profile. Unfortunately, the knowledge of what constitutes "normal" behavior is usually incomplete, and a user's usual patterns change over time; thus old normal profiles may no longer reflect a new pattern that users may have learned. For this reason, a methodology to consistently update normal profiles needs to be devised so that intrusion detection can be accomplished more effectively. The main goal of our research is to construct a time-variant normal profile for anomaly detection systems without requiring time-consuming retraining. We propose to apply a robust classification system to concurrently employed sequences of UNIX commands, which represent users' normal profiles. Subsequently, we continuously update these sequences by keeping the most recently employed patterns whose size is dynamically determined. Active window adjustment through a concept drift algorithm helps to keep relevant instances without having to contain outdated patterns as well. The ability to dynamically adapt the normal profiles provides a significant foundation for real-time intrusion detection. |
|---|---|
| Bibliography: | SourceType-Dissertations & Theses-1 ObjectType-Dissertation/Thesis-1 content type line 12 |
| ISBN: | 9780549744009 0549744002 |