Remote attack detection method in IDA: MLSI-based intrusion detection with discriminant analysis

Midori Asaka*, Takefumi Onabuta, Tadashi Inoue, Shunji Okazawa, Shigeki Goto

*Corresponding author for this work

    Research output: Article, peer-reviewed

    Abstract

    To detect intrusions, IDA (Intrusion Detection Agent system) first monitors system logs to discover an MLSI, an event that in many cases occurs during an intrusion. If an MLSI is found, IDA then judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from nonintrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of the system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.

    Original language: English
    Pages (from-to): 50-62
    Number of pages: 13
    Journal: Electronics and Communications in Japan, Part I: Communications (English translation of Denshi Tsushin Gakkai Ronbunshi)
    Volume: 86
    Issue: 4
    DOI
    Publication status: Published - April 2003

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Electrical and Electronic Engineering
