A new intrusion detection method based on discriminant analysis

Midori Asaka, Takefumi Onabuta, Tadashi Inoue, Shunji Okazawa, Shigeki Goto

    Research output: Contribution to journalArticle

    31 Citations (Scopus)

    Abstract

    Many methods have been proposed to detect intrusions; for example, the pattern matching method on known intrusion patterns and the statistical approach to detecting deviation from normal activities. We investigated a new method for detecting intrusions based on the number of system calls during a user's network activity on a host machine. This method attempts to separate intrusions from normal activities by using discriminant analysis, a kind of multivariate analysis. We can detect intrusions by analyzing only 11 system calls occurring on a host machine by discriminant analysis with the Mahalanobis' distance, and can also tell whether an unknown sample is an intrusion. Our approach is a lightweight intrusion detection method, given that it requires only 11 system calls for analysis. Moreover, our approach does not require user profiles or a user activity database in order to detect intrusions. This paper explains our new method for the separation of intrusions and normal behavior by discriminant analysis, and describes the classification method by which to identify an unknown behavior.

    Original languageEnglish
    Pages (from-to)570-577
    Number of pages8
    JournalIEICE Transactions on Information and Systems
    VolumeE84-D
    Issue number5
    Publication statusPublished - 2001 May

    Keywords

    • Discriminant analysis
    • Intrusion detection
    • Multivariate analysis
    • Network security
    • System call

    ASJC Scopus subject areas

    • Information Systems
    • Computer Graphics and Computer-Aided Design
    • Software

    Fingerprint Dive into the research topics of 'A new intrusion detection method based on discriminant analysis'. Together they form a unique fingerprint.

  • Cite this

    Asaka, M., Onabuta, T., Inoue, T., Okazawa, S., & Goto, S. (2001). A new intrusion detection method based on discriminant analysis. IEICE Transactions on Information and Systems, E84-D(5), 570-577.