ECBS
2007
IEEE

Behavior Analysis-Based Learning Framework for Host Level Intrusion Detection

Machine learning has great utility within the context of network intrusion detection systems. In this paper, a behavior analysis-based learning framework for host level network intrusion detection is proposed, consisting of two parts, anomaly detection and alert verification. The anomaly detection module processes unlabeled data using a clustering algorithm to detect abnormal behaviors. The alert verification module adopts a novel rule learning based mechanism which analyzes the change of system behavior caused by an intrusion to determine whether an attack succeeded and therefore lower the number of false alarms. In this framework, the host behavior is not represented by a single user or program activity; instead, it is represented by a set of factors, called behavior set, so that the host behavior can be described more accurately and completely.
Added 18 Oct 2010
Updated 18 Oct 2010
Type Conference
Year 2007
Where ECBS
Authors Haiyan Qiao, Jianfeng Peng, Chuan Feng, Jerzy W. Rozenblit