Abstract
Since computers have become a mainstay of everyday life, techniques and methods for detecting intrusions as well as protecting systems and data from unwanted parties have received significant attention recently. We focus on detecting improper use of computer systems through the analysis of user command data. Our approach looks at the structure of the commands used and generates a model which can be used to test new commands. This is accompanied by an analysis of the performance of the proposed approach. Although we focus on commands, the techniques presented in this paper can be extended to allow analysis of other data, such as system calls.
© 2005 Springer-Verlag Berlin Heidelberg
Gebski, M., Wong, R.K. (2005). Intrusion Detection via Analysis and Modelling of User Commands. In: Tjoa, A.M., Trujillo, J. (eds) Data Warehousing and Knowledge Discovery. DaWaK 2005. Lecture Notes in Computer Science, vol 3589. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11546849_38
DOI: https://doi.org/10.1007/11546849_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28558-8
Online ISBN: 978-3-540-31732-6