Rough set theory has been widely used in pattern recognition. In this paper, rough set theory is applied to intrusion detection. An effective rough-set-based method for anomaly intrusion detection with low overhead and high efficiency is presented. The method uses rough set theory to extract a minimal-size set of detection rules, which serves as the normal behavior model, from the system call sequences generated during the normal execution of a process. It is capable of detecting the abnormal operating status of a process and thus reporting a possible intrusion. Compared with other methods, this method requires a smaller training data set and less effort to collect training data, and it is more suitable for real-time detection. Experimental results show that this method is promising in terms of detection accuracy and efficiency.