抄録
In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI-which is an certain event which in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.
| 本文言語 | English |
|---|---|
| ホスト出版物のタイトル | Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002 |
| 出版社 | Institute of Electrical and Electronics Engineers Inc. |
| ページ | 64-73 |
| ページ数 | 10 |
| ISBN(印刷版) | 0769514472, 9780769514475 |
| DOI | |
| 出版ステータス | Published - 2002 |
| イベント | Symposium on Applications and the Internet, SAINT 2002 - Nara City, Japan 継続期間: 2002 1月 28 → 2002 2月 1 |
Other
| Other | Symposium on Applications and the Internet, SAINT 2002 |
|---|---|
| 国/地域 | Japan |
| City | Nara City |
| Period | 02/1/28 → 02/2/1 |
ASJC Scopus subject areas
- コンピュータ ネットワークおよび通信
- コンピュータ サイエンスの応用