{"title":"A host-based real-time intrusion detection system with data mining and forensic techniques","authors":"Fang-Yie Leu, Tzu-Yi Yang","doi":"10.1109/CCST.2003.1297623","DOIUrl":null,"url":null,"abstract":"Host-based detective methods play an important role in developing an intrusion detection system (IDS). One of the major concerns of the development is its latency delay. Host-based IDS systems inspecting log files provided by operating systems or applications need more time to analyze log content. It demands a large number of computer resources, such as CPU time and memory. Besides, there still a crucial problem about how to transform human behavior into numbers so as measurement can be easily performed. In order to improve the problem addressed we promote IDS called host-based real time intrusion detection system (HRIDS). HRIDS monitors users' activities in a real-time aspect. By defining user profiles, we can easily find out the anomalies and malicious accesses instantly. With the help of user profiles, we cannot only find which account has been misused, but also realize the true intruders. There is no need to update the knowledge databases of HRIDS. It is a self-organized and self-training system. Furthermore, we discover cooperative attacks submitted by users at the same time by using data mining and forensic techniques.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2003.1297623","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Host-based detective methods play an important role in developing an intrusion detection system (IDS). One of the major concerns of the development is its latency delay. Host-based IDS systems inspecting log files provided by operating systems or applications need more time to analyze log content. It demands a large number of computer resources, such as CPU time and memory. Besides, there still a crucial problem about how to transform human behavior into numbers so as measurement can be easily performed. In order to improve the problem addressed we promote IDS called host-based real time intrusion detection system (HRIDS). HRIDS monitors users' activities in a real-time aspect. By defining user profiles, we can easily find out the anomalies and malicious accesses instantly. With the help of user profiles, we cannot only find which account has been misused, but also realize the true intruders. There is no need to update the knowledge databases of HRIDS. It is a self-organized and self-training system. Furthermore, we discover cooperative attacks submitted by users at the same time by using data mining and forensic techniques.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
