A rough set theory based method for anomaly intrusion detection in computer network systems
Author(s) - Cai Zhongmin, Guan Xiaohong, Shao Ping, Peng Qingke, Sun Guoji
Publication year - 2003
Publication title - Expert Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.365
H-Index - 38
eISSN - 1468-0394
pISSN - 0266-4720
DOI - 10.1111/1468-0394.00249
Subject(s) - computer science, intrusion detection system, rough set, anomaly detection, data mining, anomaly based intrusion detection system, process (computing), set (abstract data type), network security, overhead (engineering), data set, system call, training set, artificial intelligence, pattern recognition (psychology), computer security, operating system, programming language
Intrusion detection is an important component of the defense-in-depth network security framework. This paper presents an effective method for anomaly intrusion detection with low overhead and high efficiency. The method applies rough set theory to the system call sequences generated during the normal execution of a process in order to extract a minimal set of detection rules, which serves as the normal behavior model for that process. Deviations from this model indicate an abnormal operating status of the process and are reported as a possible intrusion. Compared with other methods, this method requires a smaller training data set and less effort to collect training data, and it is better suited to real-time detection. Empirical results show that the method is promising in terms of detection accuracy, required training data set size and efficiency.