{"title":"Intrusion Detection System Based on Probabilistic Suffix Tree","authors":"Haoran Yang, Haoran Fu, Congyao Wu","doi":"10.1109/ECEI57668.2023.10105322","DOIUrl":null,"url":null,"abstract":"A system is proposed to implement intrusion detection under Linux based on the probabilistic suffix tree model. We use a sliding window to segment the system call sequence, judge whether it is an abnormal sequence by the rarity of a single sequence, and realize the detection and early warning of intrusion threats. The original information security uses a rule-based method to deal with intrusion threats through feature signatures and manual analysis. However, we use big data analysis methods to identify abnormal system call sequences by building models and the whole spatiotemporal context analysis. Early warning of security threats can significantly reduce the overall cost and complexity of threat detection. Compared with traditional intrusion detection methods, our model uses normal call sequences for training, and the model also constantly updates itself during threat detection to prevent unknown threats. 
Through experiments, it is confirmed that the system has good accuracy and low response time and realizes intrusion detection and early warning to the greatest extent.","PeriodicalId":176611,"journal":{"name":"2023 IEEE 6th Eurasian Conference on Educational Innovation (ECEI)","volume":"118 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 6th Eurasian Conference on Educational Innovation (ECEI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECEI57668.2023.10105322","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
A system is proposed to implement intrusion detection under Linux based on the probabilistic suffix tree model. We use a sliding window to segment the system call sequence, judge whether a segment is abnormal by the rarity of that single sequence, and thereby realize the detection and early warning of intrusion threats. Traditional information security deals with intrusion threats using a rule-based method built on feature signatures and manual analysis. In contrast, we use big data analysis methods to identify abnormal system call sequences by building models and analyzing the whole spatiotemporal context. Early warning of security threats can significantly reduce the overall cost and complexity of threat detection. Compared with traditional intrusion detection methods, our model uses normal call sequences for training, and the model also constantly updates itself during threat detection to prevent unknown threats. Experiments confirm that the system has good accuracy and low response time and realizes intrusion detection and early warning to the greatest extent.