Combining Multiple Host-Based Detectors Using Decision Tree

Abstract. As information technology grows, interest in intrusion detection systems (IDS), which detect unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS, several artificial intelligence techniques are used to model normal behavior. However, there is no perfect detection method, so most IDSs can detect only limited types of intrusion and suffer from false alarms. Combining multiple detectors can be a good solution for this problem of conventional anomaly detectors. This paper proposes a detection method that combines multiple detectors using a machine learning technique called decision tree. We use conventional measures for intrusion detection and modeling methods appropriate to each measure. System calls, resource usage and file access events are used to measure user’s behavior, and a hidden Markov model, a statistical method and a rule-based method are used to model these measures which a...
Sang-Jun Han, Sung-Bae Cho
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Authors Sang-Jun Han, Sung-Bae Cho