Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Midori ASAKA, Takefumi ONABUTA, Tadashi INOUE, Shunji OKAZAWA, Shigeki GOTO, "A New Intrusion Detection Method Based on Discriminant Analysis" in IEICE TRANSACTIONS on Information,
vol. E84-D, no. 5, pp. 570-577, May 2001, doi: .
Abstract: Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.
URL: https://global.ieice.org/en_transactions/information/10.1587/e84-d_5_570/_p
@ARTICLE{e84-d_5_570,
author={Midori ASAKA and Takefumi ONABUTA and Tadashi INOUE and Shunji OKAZAWA and Shigeki GOTO},
journal={IEICE TRANSACTIONS on Information},
title={A New Intrusion Detection Method Based on Discriminant Analysis},
year={2001},
volume={E84-D},
number={5},
pages={570-577},
abstract={Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.},
keywords={},
doi={},
ISSN={},
month={May},}
TY - JOUR
TI - A New Intrusion Detection Method Based on Discriminant Analysis
T2 - IEICE TRANSACTIONS on Information
SP - 570
EP - 577
AU - Midori ASAKA
AU - Takefumi ONABUTA
AU - Tadashi INOUE
AU - Shunji OKAZAWA
AU - Shigeki GOTO
PY - 2001
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E84-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2001
AB - Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.
ER -