2006
DOI: 10.1016/j.cose.2006.05.005

Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data

Cited by 68 publications
(42 citation statements)
References 17 publications
“…With no attention about predictions, references (Ye et al, 2001), (Ye et al, 2003), (Wong et al, 2006) applied diverse probabilistic techniques (decision tree, Hotelling's T² test, chi-square multivariate, Markov chain and Exponential Weighted Moving Average (EWMA)) on audit data as a way to analyze three properties of the UIT: frequency, duration, and ordering. Reference (Ye et al, 2001), (Ye et al, 2003) has come to the following findings: 1) The sequence of events is necessary for IDPS, as a single audit event at a given time is not sufficient; 2) Ordering (transaction (Wong et al, 2006)) provides additional advantage to the frequency property, but it is computationally intensive. According to (Ye et al, 2001), (Ye et al, 2003), (Wong et al, 2006), the frequency property by itself provides good intrusion detection.…”
Section: Forecasting For Cyber Attacks; citation type: mentioning
confidence: 99%
“…Reference (Ye et al, 2001), (Ye et al, 2003) has come to the following findings: 1) The sequence of events is necessary for IDPS, as a single audit event at a given time is not sufficient; 2) Ordering (transaction (Wong et al, 2006)) provides additional advantage to the frequency property, but it is computationally intensive. According to (Ye et al, 2001), (Ye et al, 2003), (Wong et al, 2006), the frequency property by itself provides good intrusion detection. References (Ye et al, 2001), (Ye et al, 2003), (Wong et al, 2006) did not approach correlation for IDPS.…”
Section: Forecasting For Cyber Attacks; citation type: mentioning
confidence: 99%
“…Researchers applied many anomaly detection techniques to intrusion detection. Vast majority of these researches concentrated on mining various types of data collected from raw network traffic or system audit data in order to build more accurate IDS [10], [11], [12]; that correctly classify alarms into attack and benign categories [13], [14], [15]. In this paper, anomaly intrusion detection system that detects anomalies by observing network traffic was considered.…”
Section: Introduction; citation type: mentioning
confidence: 99%
“…With the development of the uncertainty theory, fuzzy sets [9] and rough sets [10] are investigated to conduct intrusion detection. Besides, self-organizing maps (SOM) [11,12] and principal component analysis (PCA) [13,14] also belong to the current typical methods. In spite of a lot of relevant intrusion detection models, how to select the features is always an essential issue we have to face.…”
Section: Introduction; citation type: mentioning
confidence: 99%