Remote attack detection method in IDA

MLSI-based intrusion detection using discriminant analysis

M. Asaka, T. Onabura, T. Inoue, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    6 Citations (Scopus)

    Abstract

    In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI, which is a certain event that in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.

    Original language: English
    Title of host publication: Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 64-73
    Number of pages: 10
    ISBN (Print): 0769514472, 9780769514475
    DOI: https://doi.org/10.1109/SAINT.2002.994451
    Publication status: Published - 2002
    Event: Symposium on Applications and the Internet, SAINT 2002 - Nara City, Japan
    Duration: 2002 Jan 28 to 2002 Feb 1

    Other

    Other: Symposium on Applications and the Internet, SAINT 2002
    Country: Japan
    City: Nara City
    Period: 02/1/28 to 02/2/1

    Fingerprint

    Intrusion detection
    Discriminant analysis

    Keywords

    • Internet
    • Intrusion detection

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Computer Science Applications

    Cite this

    Asaka, M., Onabura, T., Inoue, T., & Goto, S. (2002). Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis. In Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002 (pp. 64-73). [994451] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SAINT.2002.994451
