Sciweavers

JSS
2002

Automated discovery of concise predictive rules for intrusion detection

This paper details an essential component of a multi-agent distributed knowledge network system for intrusion detection. We describe a distributed intrusion detection architecture, complete with a data warehouse and mobile and stationary agents for distributed problem-solving to facilitate building, monitoring, and analyzing global, spatio-temporal views of intrusions on large distributed systems. An agent for the intrusion detection system, which uses a machine learning approach to automated discovery of concise rules from system call traces, is described. We use a feature vector representation to describe the system calls executed by privileged processes. The feature vectors are labeled as good or bad depending on whether or not they were executed during an observed attack. A rule learning algorithm is then used to induce rules that can be used to monitor the system and detect potential intrusions. We study the performance of the rule learning algorithm on this task with and without...
Added 22 Dec 2010
Updated 22 Dec 2010
Type Journal
Year 2002
Where JSS
Authors Guy G. Helmer, Johnny S. Wong, Vasant Honavar, Les Miller