Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
KDD
2004
ACM
2004
ACM
Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage
We present and empirically analyze a machine-learning approach for detecting intrusions on individual computers. Our Winnowbased algorithm continually monitors user and system behavior, recording such properties as the number of bytes transferred over the last 10 seconds, the programs that currently are running, and the load on the CPU. In all, hundreds of measurements are made and analyzed each second. Using this data, our algorithm creates a model that represents each particular computer's range of normal behavior. Parameters that determine when an alarm should be raised, due to abnormal activity, are set on a percomputer basis, based on an analysis of training data. A major issue in intrusion-detection systems is the need for very low falsealarm rates. Our empirical results suggest that it is possible to obtain high intrusion-detection rates (95%) and low false-alarm rates (less than one per day per computer), without "stealing" too many CPU cycles (less than 1%). We...
Real-time Traffic| Added | 30 Nov 2009 |
| Updated | 30 Nov 2009 |
| Type | Conference |
| Year | 2004 |
| Where | KDD |
| Authors | Jude W. Shavlik, Mark Shavlik |
Comments (0)
Researcher Info
|
