Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Liu, Xiaomei* | Yue, Jianlong
Affiliations: School of Information Management, Beijing Information Science and Technology University, Beijing, China
Correspondence: [*] Corresponding author: Xiaomei Liu, School of Information Management, Beijing Information Science and Technology University, Beijing 100101, China. E-mail: [email protected].
Abstract: This paper uses a real-time anomaly attack detection based on improved variable length sequences and data mining. The method is mainly used for host-based intrusion detection systems on Linux or Unix platforms which use shell commands. The algorithm first generates a stream of command sequences with different lengths and subsumes them into a generic sequence library, de-duplicats and sortes shell command sequences. The shell command sequences are then stratified according to their weighted frequency of occurrence to define the state. Next, the behavioural patterns of normal users are mined to output the state stream and a Markov chain is constructed. Then, the state sequences are calculated based on a primary probability distribution and a transfer probability matrix. The System will check decision values of the short sequence stream. Finally, the decision values of the behavioural sequences are analysed to determine whether the current session user is behaving abnormally. The improved algorithm introduces the concept of multi-order frequencies and proposes a new separation mechanism. The extension module is integrated into the variable length model. By comparing the performance of the old and new separation mechanisms on the SEA dataset and the self-made dataset (SD), it is found that the improved model greatly improves the performance of the model and shortens the running time.
Keywords: Variable length model, Markov, new separation mechanism, weighted frequency
DOI: 10.3233/JCM-226663
Journal: Journal of Computational Methods in Sciences and Engineering, vol. 23, no. 3, pp. 1179-1195, 2023
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]