Sciweavers

RAID
2000
Springer

A Real-Time Intrusion Detection System Based on Learning Program Behavior

Abstract. In practice, most computer intrusions begin by misusing programs in clever ways to obtain unauthorized higher levels of privilege. One effective way to detect intrusive activity before system damage is perpetrated is to detect misuse of privileged programs in real-time. In this paper, we describe three machine learning algorithms that learn the normal behavior of programs running on the Solaris platform in order to detect unusual uses or misuses of these programs. The performance of the three algorithms has been evaluated by an independent laboratory in an off-line controlled evaluation against a set of computer intrusions and normal usage to determine rates of correct detection and false alarms. A real-time system has since been developed that will enable deployment of a program-based intrusion detection system in a real installation.
Anup K. Ghosh, Christoph C. Michael, Michael Schatz
Added 25 Aug 2010
Updated 25 Aug 2010
Type Conference
Year 2000
Where RAID
Authors Anup K. Ghosh, Christoph C. Michael, Michael Schatz