
Host-based intrusion detection by monitoring Windows registry accesses

4 Author(s)
Topallar, M. ; Bogazici Univ., Istanbul, Turkey ; Depren, M.O. ; Anarim, E. ; Ciliz, K.

We propose a host-based intrusion detection system for Microsoft Windows. The proposed system detects attacks on a host machine by monitoring anomalous accesses to the Windows registry. First, a model of normal registry behavior is trained for a host, and then this model is used to detect abnormal registry accesses. The system trains the normal model using data that contains no attacks and then checks each access to the registry to determine whether the behavior is abnormal and corresponds to an attack. A new approach to registry anomaly detection (RAD) is proposed in terms of the model generator and the anomaly detector. A self-organizing map (SOM), a type of artificial neural network model, is used as the anomaly detection algorithm. The system is trained on a set of normal registry accesses using the SOM algorithm and is then used to detect the behavior of malicious software. The results of this study show that the proposed system is effective in detecting the behavior of malicious software and has a low rate of false alarms compared to other host-based intrusion detection systems.

Published in:

Signal Processing and Communications Applications Conference, 2004. Proceedings of the IEEE 12th

Date of Conference:

28-30 April 2004
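
The train-on-clean, score-each-access scheme from the abstract, as an added example that is not the authors' code: a small self-organizing map is trained on constructed attack-free registry accesses and each access is scored by its distance to the best-matching unit. The four fields, the one-hot encoding, the map size and the max-of-training threshold are all assumptions; the abstract specifies none of them.

```python
import math

def encode(record, vocab):
    vec = []  # one-hot per field, with a last slot per field for unseen values
    for value, seen in zip(record, vocab):
        slots = [0.0] * (len(seen) + 1)
        slots[seen.index(value) if value in seen else -1] = 1.0
        vec.extend(slots)
    return vec

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train_som(vectors, rows=3, cols=3, epochs=30):
    distinct = sorted(set(map(tuple, vectors)))
    units = [list(distinct[k % len(distinct)]) for k in range(rows * cols)]  # deterministic init
    for epoch in range(epochs):
        decay = 1 - epoch / epochs  # learning rate and neighbourhood radius shrink
        lr, sigma = 0.5 * decay + 0.02, decay + 0.2
        for x in vectors:
            bmu = min(range(len(units)), key=lambda k: dist(units[k], x))
            for k, w in enumerate(units):
                d2 = (k // cols - bmu // cols) ** 2 + (k % cols - bmu % cols) ** 2
                h = lr * math.exp(-d2 / (2 * sigma ** 2))  # Gaussian neighbourhood
                units[k] = [wi + h * (xi - wi) for wi, xi in zip(w, x)]
    return units

def score(record, vocab, units):
    x = encode(record, vocab)  # quantization error: distance to best-matching unit
    return min(dist(u, x) for u in units)

def fit(normal):
    # Assumed fields per access: (process, query type, key, result).
    vocab = [sorted({r[i] for r in normal}) for i in range(len(normal[0]))]
    units = train_som([encode(r, vocab) for r in normal])
    return vocab, units, max(score(r, vocab, units) for r in normal)

def is_anomalous(record, model):
    vocab, units, threshold = model
    return score(record, vocab, units) > threshold

# Constructed sample accesses (not from the paper): attack-free training set, then one suspect write.
NORMAL = [
    ("explorer.exe", "QueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "SUCCESS"),
    ("explorer.exe", "OpenKey", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "SUCCESS"),
    ("svchost.exe", "QueryValue", r"HKLM\SYSTEM\CurrentControlSet\Services", "SUCCESS"),
    ("svchost.exe", "OpenKey", r"HKLM\SYSTEM\CurrentControlSet\Services", "NOTFOUND"),
    ("winword.exe", "QueryValue", r"HKCU\Software\Microsoft\Office", "SUCCESS"),
] * 8
SUSPECT = ("unknown.exe", "SetValue", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SUCCESS")
```

Because every unit stays a blend of training vectors, the "unseen value" slots of the map remain exactly zero, so an access with a process, operation and key never observed in training is guaranteed a large quantization error.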