
Intrusion Detection via Analysis and Modelling of User Commands

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3589))

Abstract

Since computers have become a mainstay of everyday life, techniques and methods for detecting intrusions, and for protecting systems and data from unwanted parties, have recently received significant attention. We focus on detecting improper use of computer systems through the analysis of user command data. Our approach analyses the structure of the commands used and generates a model that can be used to test new commands. This is accompanied by an analysis of the performance of the proposed approach. Although we focus on commands, the techniques presented in this paper can be extended to the analysis of other data, such as system calls.
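The abstract describes building a model of command structure from a user's history and testing new commands against it, but gives no detail of the model itself. The following Python example is an added illustration of that general idea and is not the paper's method: it reduces each shell command to a structural token (command name plus the shape of each argument), learns smoothed bigram transition frequencies from one user's baseline sessions, and flags a new session whose average surprise exceeds a threshold. The baseline session, the two test sessions, the argument-shape rules, the smoothing constant and the threshold of 1.8 are all constructed for this illustration.

```python
"""Hypothetical command-structure profiling for anomaly detection.

Added illustration only; the structure rules, smoothing and threshold are
assumptions for this example, not the model described in the paper.
"""
import math
import re
from collections import Counter
from typing import Dict, Iterable, List

START = "<s>"  # pseudo-structure marking the start of a session


def arg_shape(arg: str) -> str:
    """Map one argument to a coarse shape so the profile captures structure,
    not exact values (constructed rules)."""
    if arg.startswith("-"):
        return "FLAG"
    if arg.startswith("/"):
        return "ABSPATH"
    if re.fullmatch(r"\d+", arg):
        return "NUM"
    if "/" in arg:
        return "RELPATH"
    return "WORD"


def structure(cmd: str) -> str:
    """Command name followed by the shape of every argument."""
    parts = cmd.split()
    if not parts:
        return "<empty>"
    return " ".join([parts[0]] + [arg_shape(a) for a in parts[1:]])


class CommandProfile:
    """Add-alpha smoothed bigram model over command structures."""

    def __init__(self, alpha: float = 0.5) -> None:
        self.alpha = alpha
        self.context_counts: Counter = Counter()  # how often a structure was the previous one
        self.bigrams: Counter = Counter()         # (prev, cur) transition counts
        self.vocab = set()                        # structures seen in training

    def train(self, commands: Iterable[str]) -> None:
        prev = START
        for cmd in commands:
            cur = structure(cmd)
            self.vocab.add(cur)
            self.context_counts[prev] += 1
            self.bigrams[(prev, cur)] += 1
            prev = cur

    def transition_logprob(self, prev: str, cur: str) -> float:
        # Smoothed P(cur | prev); one extra vocabulary slot reserves mass for
        # structures never seen in training, so they score low but not zero.
        v = len(self.vocab) + 1
        num = self.bigrams[(prev, cur)] + self.alpha
        den = self.context_counts[prev] + self.alpha * v
        return math.log(num / den)

    def score(self, commands: List[str]) -> float:
        """Average negative log-likelihood per command; higher means more surprising."""
        prev = START
        total = 0.0
        for cmd in commands:
            cur = structure(cmd)
            total -= self.transition_logprob(prev, cur)
            prev = cur
        return total / max(len(commands), 1)

    def is_anomalous(self, commands: List[str], threshold: float) -> bool:
        return self.score(commands) > threshold


# Constructed baseline: one developer's typical session used to build the profile.
BASELINE = [
    "cd src", "ls -la", "git status", "vim main.c", "make",
    "./a.out 42", "git diff", "git commit -m fixed", "ls -la", "cd ..",
]
# Constructed test sessions: one from the profiled user, one from a different user.
SAME_USER = ["cd src", "ls -la", "git status", "vim main.c", "make"]
OTHER_USER = [
    "sudo systemctl restart nginx", "useradd bob",
    "vi /etc/nginx/nginx.conf", "tail -n 50 /var/log/nginx/error.log",
]
THRESHOLD = 1.8  # assumed cut-off; in practice calibrated on held-out sessions


def evaluate() -> Dict[str, object]:
    profile = CommandProfile()
    profile.train(BASELINE)
    return {
        "same_score": profile.score(SAME_USER),
        "other_score": profile.score(OTHER_USER),
        "same_flagged": profile.is_anomalous(SAME_USER, THRESHOLD),
        "other_flagged": profile.is_anomalous(OTHER_USER, THRESHOLD),
    }


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key}: {value}")
```

Scoring on structure rather than literal arguments is what lets the model generalise across filenames and numbers; the price is that a masquerader who mirrors the legitimate user's command shapes will look normal, which is the mimicry weakness any structural profile shares. The threshold above is a constructed constant; a deployment would set it from the score distribution of held-out sessions of the same user and tune it against the false-positive rate that the monitoring team can absorb.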




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gebski, M., Wong, R.K. (2005). Intrusion Detection via Analysis and Modelling of User Commands. In: Tjoa, A.M., Trujillo, J. (eds) Data Warehousing and Knowledge Discovery. DaWaK 2005. Lecture Notes in Computer Science, vol 3589. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11546849_38


  • DOI: https://doi.org/10.1007/11546849_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28558-8

  • Online ISBN: 978-3-540-31732-6

