
Anomaly-Based Intrusion Detection System Sharing Normal Behavior Databases among Different Machines

3 Author(s)
Sho Ohtahara ; Dept. of Comput. Sci., Univ. of Electro-Commun., Chofu, Japan ; Takayuki Kamiyama ; Yoshihiro Oyama

A number of studies have examined anomaly detection systems based on training of system call sequences in the normal execution of applications. However, many of these anomaly detection systems have low detection accuracy when the training is not sufficient. This occurs because the normal behavior data obtained through training on one machine cannot be used for detection on another machine. In this paper, we propose an anomaly detection system that shares normal behavior data between multiple machines. In the proposed system, normal behavior data obtained on each machine is accumulated in a server and the integrated data is distributed to each machine. This system improves the detection accuracy by integrating the data used for anomaly detection on each machine. The proposed system not only provides a straightforward algorithm for integration, but also two improved algorithms, namely, the majority algorithm and the similarity algorithm. The proposed system was implemented on the Linux operating system, and its behavior was compared experimentally with that of an existing system.

Published in:

Computer and Information Technology, 2009. CIT '09. Ninth IEEE International Conference on (Volume: 1)

Date of Conference:

11-14 Oct. 2009