Suppressing false alarms of intrusion detection using improved text categorization method

IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004 Pub Date : 2004-03-28 DOI:10.1109/EEE.2004.1287303

Zonghua Zhang, Hong Shen

引用次数: 4

Abstract

Although some text processing techniques can be employed to intrusion detection based on the characterization of the frequencies of the system calls executed by the privileged programs, and achieve satisfactory detection accuracy, high false alarms make it hardly practicable in real life. We modify the traditional weighting method tf-idf for suppressing false alarms by considering the necessary information between the processes and sessions. Preliminary experiments with 1998 DARPA BSM auduit data show that our modified method can suppress high false alarms effectively while maintaining satisfactory detection accuracy, which thus make text categorization approaches more practicable for intrusion detection.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于改进文本分类方法的入侵检测虚警抑制

虽然一些文本处理技术可以根据特权程序执行的系统调用的频率特征进行入侵检测，并获得令人满意的检测精度，但高虚警使其在现实生活中难以实现。通过考虑进程和会话之间的必要信息，改进了传统的加权方法tf-idf来抑制虚警。对1998年DARPA BSM审计数据进行的初步实验表明，改进后的方法能够有效地抑制高虚警，同时保持较好的检测准确率，从而使文本分类方法在入侵检测中更加实用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004

自引率

0.00%

发文量

期刊最新文献

On the distributed management of SCORM-compliant course contents A new fair micropayment system based on hash chain An enhanced EDCG replica allocation method in ad hoc networks Using element and document profile for information clustering A scheme for MAC isolation to realize effective management in public wireless LAN