Research on Method for Obtaining Action Character Based on IIDS


LI Qian-mu, QI Yong, ZHANG Hong, LIU Feng-yu
Department of Computer Science and Technology, NUST, Nanjing 210094, China
immunological intrusion detection system; rough sets; neural network
The generalizing ability of current IDS (Intrusion Detection System) is poor when less prior knowledge is given. According to the immunology principle of bionics, a new method for obtaining action character in IIDS is presented, which is based on generalized suffix tree, rough set and neural network. In this paper, short sequences of system calls and parameters executed by privileged procedures are viewed as analogous to peptides. The characteristics of this method are as follows: 1. The databases are specialized and maintain integrity, which improves the robustness and flexibility of the system; 2. Behavior models with higher frequency are analyzed and processed first, which improves the speed and effectiveness of intrusion detection; 3. Rules that affect the effectiveness of the system are deleted and replaced by better rules. Experiments show that the proposed method is practical and efficient.




Last Update: 2013-03-11