A new intrusion detection method based on discriminant analysis

Midori Asaka, Takefumi Onabuta, Tadashi Inoue, Shunji Okazawa, Shigeki Goto

    Research output: Contribution to journal › Article

    30 Citations (Scopus)

    Abstract

    Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.
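
The classification step the abstract describes, as an added example that is not the authors' code: each session is a vector of system-call counts, and an unknown sample is assigned to whichever group (normal or intrusion) has the nearer mean in Mahalanobis distance under a pooled covariance matrix. The three call names and all counts are constructed for illustration; the paper's 11 system calls are not listed on this page.

```python
# Two-group discriminant analysis with Mahalanobis distance (added example).
# Assumption: FEATURES and every count below are constructed sample data.
FEATURES = ("execve", "open", "chmod")
NORMAL = [(2, 14, 0), (3, 18, 1), (1, 11, 0), (2, 16, 0), (4, 20, 1), (3, 15, 0)]
INTRUSION = [(9, 31, 4), (12, 40, 6), (8, 28, 3), (11, 35, 5), (10, 38, 4), (13, 33, 7)]

def mean(rows):
    n = len(rows)
    return [sum(r[j] for r in rows) / n for j in range(len(rows[0]))]

def pooled_cov(groups):
    """Within-group covariance pooled over all groups (shared by both classes)."""
    p = len(groups[0][0])
    s = [[0.0] * p for _ in range(p)]
    dof = 0
    for rows in groups:
        m = mean(rows)
        dof += len(rows) - 1
        for r in rows:
            d = [r[j] - m[j] for j in range(p)]
            for a in range(p):
                for b in range(p):
                    s[a][b] += d[a] * d[b]
    return [[v / dof for v in row] for row in s]

def solve(a, b):
    """Solve a.x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[piv][c]) < 1e-12:
            raise ValueError("singular covariance: too few or collinear samples")
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def mahalanobis_sq(x, mu, cov):
    """Squared distance d^T * cov^-1 * d, computed without forming the inverse."""
    d = [xi - mi for xi, mi in zip(x, mu)]
    return sum(di * zi for di, zi in zip(d, solve(cov, d)))

def classify(x, groups=None):
    """Return (nearest group name, {group: squared Mahalanobis distance})."""
    groups = groups or {"normal": NORMAL, "intrusion": INTRUSION}
    cov = pooled_cov(list(groups.values()))
    dist = {g: mahalanobis_sq(x, mean(rows), cov) for g, rows in groups.items()}
    return min(dist, key=dist.get), dist
```

The singular-covariance check matters in practice: with 11 count features, a training set that is too small or contains perfectly correlated calls cannot be inverted, and the distance is undefined.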

    Original language: English
    Pages (from-to): 570-577
    Number of pages: 8
    Journal: IEICE Transactions on Information and Systems
    Volume: E84-D
    Issue number: 5
    Publication status: Published - 2001 May

    Fingerprint

    Intrusion detection
    Discriminant analysis
    Pattern matching

    Keywords

    • Discriminant analysis
    • Intrusion detection
    • Multivariate analysis
    • Network security
    • System call

    ASJC Scopus subject areas

    • Information Systems
    • Computer Graphics and Computer-Aided Design
    • Software

    Cite this

    Asaka, M., Onabuta, T., Inoue, T., Okazawa, S., & Goto, S. (2001). A new intrusion detection method based on discriminant analysis. IEICE Transactions on Information and Systems, E84-D(5), 570-577.

    @article{787ff4190f2a44c8a1533ad5374bd7ae,
    title = "A new intrusion detection method based on discriminant analysis",
    keywords = "Discriminant analysis, Intrusion detection, Multivariate analysis, Network security, System call",
    author = "Midori Asaka and Takefumi Onabuta and Tadashi Inoue and Shunji Okazawa and Shigeki Goto",
    year = "2001",
    month = "5",
    language = "English",
    volume = "E84-D",
    pages = "570--577",
    journal = "IEICE Transactions on Information and Systems",
    issn = "0916-8532",
    publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
    number = "5",

    }

    TY - JOUR

    T1 - A new intrusion detection method based on discriminant analysis

    AU - Asaka, Midori

    AU - Onabuta, Takefumi

    AU - Inoue, Tadashi

    AU - Okazawa, Shunji

    AU - Goto, Shigeki

    PY - 2001/5

    Y1 - 2001/5

    KW - Discriminant analysis

    KW - Intrusion detection

    KW - Multivariate analysis

    KW - Network security

    KW - System call

    UR - http://www.scopus.com/inward/record.url?scp=0035338003&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=0035338003&partnerID=8YFLogxK

    M3 - Article

    VL - E84-D

    SP - 570

    EP - 577

    JO - IEICE Transactions on Information and Systems

    JF - IEICE Transactions on Information and Systems

    SN - 0916-8532

    IS - 5

    ER -