A new intrusion detection method based on process profiling

Y. Okazaki, I. Sato, Shigeki Goto

    Research output: Conference contribution

    27 Citations (Scopus)

    Abstract

    There are two well-known models for intrusion detection: the anomaly intrusion detection (AID) model and the misuse intrusion detection (MID) model. The former analyzes user behavior and the statistics of a process in a normal situation, and checks whether the system is being used in a different manner. The latter maintains a database of known intrusion techniques and detects intrusion by comparing behavior against the database. An intrusion detection method based on an AID model can detect a new intrusion method, but needs to update the data describing user behavior and statistics in normal usage. We call this information profiles. There are several problems in AID to be addressed. The profiles tend to be large. Detecting intrusion needs a large amount of system resources, such as CPU time, memory and disk space. An MID model requires fewer system resources to detect intrusion. However, it cannot detect new, unknown intrusion methods. Our method solves these problems by recording system calls from daemon processes and setuid programs. We improved detection accuracy by adopting a DP matching scheme.

    Original language: English
    Title of host publication: Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 82-90
    Number of pages: 9
    ISBN (Print): 0769514472, 9780769514475
    DOI
    Publication status: Published - 2002
    Event: Symposium on Applications and the Internet, SAINT 2002 - Nara City, Japan
    Duration: 2002-01-28 to 2002-02-01

    Other

    Other: Symposium on Applications and the Internet, SAINT 2002
    Country: Japan
    City: Nara City
    Period: 02/1/28 to 02/2/1

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Computer Science Applications

  • Cite this

    Okazaki, Y., Sato, I., & Goto, S. (2002). A new intrusion detection method based on process profiling. In Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002 (pp. 82-90). [994455] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SAINT.2002.994455