Host intrusion detection using system call argument-based clustering combined with Bayesian classification
Dissertant
Thesis advisor
Asim, Nasir
Rashidi, Taj al-Din
University
Al Akhawayn University
Faculty
School of Science and Engineering
Department
Computer Science
University Country
Morocco
Degree
Master
Degree Date
2014
English Abstract
This project deals with anomaly-based host intrusion detection using system call traces produced by a host's kernel.
System call arguments, together with contextual information and domain-level knowledge, are used first to produce clusters for each individual system call.
These clusters are then used to rewrite the process sequences of system calls obtained from kernel logs.
Results of clustering validation using the Silhouette width are provided, as well as a manual analysis of the produced clusters.
The rewritten sequences are then fed to a naive Bayes supervised classifier (SC2.2) that builds class-conditional probabilities from Markov modeling of system call sequences.
The results of the proposed two-stage (clustering followed by classification) intrusion detection system on the 1999 DARPA dataset from the MIT Lincoln Lab show significant improvements in false positive rate (up to 20%), while maintaining a high detection rate compared with other classifiers.
The two-stage classifier also fares better than bare classification with SC2.2 on system calls without arguments and contextual knowledge.
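The abstract describes the pipeline only in outline. The following is an added illustration, not code from the thesis: a minimal two-stage detector in the same shape, with per-syscall argument clustering (k-means with k chosen by mean Silhouette width), trace rewriting into `syscall#cluster` symbols, and a naive Bayes classifier whose class-conditional likelihood is a first-order Markov chain over those symbols. The feature extraction, the stand-in for SC2.2, the Laplace smoothing, and all traces (training and held-out) are constructed assumptions; nothing here is DARPA data or the thesis's own implementation.

```python
"""Two-stage HIDS sketch (added example, not the thesis's code): cluster each
syscall's arguments, rewrite traces as <syscall>#<cluster>, then classify with a
naive Bayes model whose class-conditional P(seq | class) is a first-order Markov
chain. Standard library only; all data below is constructed."""
import math
from collections import Counter, defaultdict

# Constructed training traces: each event is (syscall, args dict). flags=1 is an
# assumed "write" bit.
NORMAL = [
    [("open", {"path": "/home/u/notes.txt", "flags": 0}), ("read", {"n": 512}), ("close", {})],
    [("open", {"path": "/home/u/app.conf", "flags": 0}), ("read", {"n": 128}), ("close", {})],
    [("open", {"path": "/home/u/out.log", "flags": 1}), ("write", {"n": 256}), ("close", {})],
    [("open", {"path": "/usr/share/doc/x", "flags": 0}), ("read", {"n": 1024}), ("close", {})],
]
ATTACK = [
    [("open", {"path": "/etc/shadow", "flags": 0}), ("read", {"n": 4096}),
     ("open", {"path": "/tmp/.x", "flags": 1}), ("write", {"n": 4096}), ("close", {})],
    [("open", {"path": "/etc/passwd", "flags": 0}), ("read", {"n": 2048}),
     ("open", {"path": "/tmp/.y", "flags": 1}), ("write", {"n": 2048}), ("close", {})],
    [("open", {"path": "/root/.ssh/id_rsa", "flags": 0}), ("read", {"n": 1700}),
     ("open", {"path": "/tmp/.z", "flags": 1}), ("write", {"n": 1700}), ("close", {})],
]

def features(call, args):
    """Domain-knowledge view of the arguments (assumed): path class and write bit
    for open, log2 of the byte count for read/write, a constant otherwise."""
    if call == "open":
        p = args["path"]
        return (float(p.startswith(("/etc", "/root"))), float(p.startswith("/tmp")),
                float(args["flags"] & 1))
    if call in ("read", "write"):
        return (math.log2(args["n"] + 1),)
    return (0.0,)

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=25):
    """Deterministic k-means: centres seeded with the first k distinct points."""
    centres = list(dict.fromkeys(points))[:k]
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: dist(p, centres[c])) for p in points]
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                centres[c] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels, centres

def silhouette(points, labels):
    """Mean silhouette width; singleton clusters score 0 by convention."""
    n, scores = len(points), []
    for i in range(n):
        own = [j for j in range(n) if j != i and labels[j] == labels[i]]
        others = set(labels) - {labels[i]}
        if not own or not others:
            scores.append(0.0)
            continue
        a = sum(dist(points[i], points[j]) for j in own) / len(own)
        b = min(sum(dist(points[i], points[j]) for j in range(n) if labels[j] == c)
                / labels.count(c) for c in others)
        scores.append((b - a) / max(a, b) if max(a, b) > 0 else 0.0)
    return sum(scores) / n

class ArgumentClusterer:
    """Stage 1: one clustering per syscall; k in 2..MAX_K picked by silhouette."""
    MAX_K = 3

    def fit(self, traces):
        by_call = defaultdict(list)
        for trace in traces:
            for call, args in trace:
                by_call[call].append(features(call, args))
        self.centres = {}
        for call, pts in by_call.items():
            best = (float("-inf"), [pts[0]])      # fallback: a single cluster
            for k in range(2, min(self.MAX_K, len(set(pts))) + 1):
                labels, centres = kmeans(pts, k)
                score = silhouette(pts, labels)
                if score > best[0]:
                    best = (score, centres)
            self.centres[call] = best[1]
        return self

    def symbol(self, call, args):
        """Rewrite one event as <syscall>#<index of nearest centre>."""
        f = features(call, args)
        centres = self.centres.get(call, [f])
        return f"{call}#{min(range(len(centres)), key=lambda c: dist(f, centres[c]))}"

    def rewrite(self, trace):
        return [self.symbol(call, args) for call, args in trace]

class MarkovNaiveBayes:
    """Stage 2: naive Bayes over classes; P(seq | class) is a per-class
    first-order Markov chain with Laplace smoothing (stand-in for SC2.2)."""
    def fit(self, labelled):                       # labelled: [(symbols, class)]
        self.vocab = {s for seq, _ in labelled for s in seq}
        self.prior, self.start, self.trans = Counter(), {}, {}
        for seq, cls in labelled:
            self.prior[cls] += 1
            self.start.setdefault(cls, Counter())[seq[0]] += 1
            t = self.trans.setdefault(cls, defaultdict(Counter))
            for a, b in zip(seq, seq[1:]):
                t[a][b] += 1
        return self

    def log_likelihood(self, seq, cls):
        V = len(self.vocab) + 1                    # +1 slot for unseen symbols
        ll = math.log((self.start[cls][seq[0]] + 1) / (self.prior[cls] + V))
        for a, b in zip(seq, seq[1:]):
            row = self.trans[cls][a]
            ll += math.log((row[b] + 1) / (sum(row.values()) + V))
        return ll

    def classify(self, seq):
        total = sum(self.prior.values())
        return max(self.prior, key=lambda c: math.log(self.prior[c] / total)
                   + self.log_likelihood(seq, c))

def build_hids():
    clusterer = ArgumentClusterer().fit(NORMAL + ATTACK)
    labelled = ([(clusterer.rewrite(t), "normal") for t in NORMAL]
                + [(clusterer.rewrite(t), "attack") for t in ATTACK])
    return clusterer, MarkovNaiveBayes().fit(labelled)

def detect(trace):
    clusterer, model = build_hids()
    return model.classify(clusterer.rewrite(trace))

# Constructed held-out traces.
HELD_OUT_NORMAL = [("open", {"path": "/home/u/b.txt", "flags": 0}), ("read", {"n": 300}), ("close", {})]
HELD_OUT_ATTACK = [("open", {"path": "/etc/group", "flags": 0}), ("read", {"n": 3000}),
                   ("open", {"path": "/tmp/.w", "flags": 1}), ("write", {"n": 3000}), ("close", {})]

if __name__ == "__main__":
    clusterer, model = build_hids()
    for call, centres in clusterer.centres.items():
        print(call, "->", len(centres), "cluster(s)")
    print(detect(HELD_OUT_NORMAL), detect(HELD_OUT_ATTACK))
```

On this toy data the silhouette selects three argument clusters for `open` (ordinary reads, writes under `/tmp` or the home directory, reads of `/etc` and `/root`), so an `open` of `/etc/shadow` and an `open` of a home file become different symbols before the sequence model ever sees them; on raw syscall names both would be the same `open`, which is the point of the first stage.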
Main Subjects
Information Technology and Computer Science
No. of Pages
69
Table of Contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : Intrusion detection.
Chapter Three : The proposed two-stage HIDS.
Chapter Four : Clustering system calls.
Chapter Five : Classifier modeling and learning.
Chapter Six : Implementation.
Chapter Seven : Experiments and results.
Chapter Eight : Conclusion.
References.
American Psychological Association (APA)
Koucham, Walid. (2014). Host intrusion detection using system call argument-based clustering combined with Bayesian classification. (Master's thesis). Al Akhawayn University, Morocco
https://search.emarefa.net/detail/BIM-646384
Modern Language Association (MLA)
Koucham, Walid. Host intrusion detection using system call argument-based clustering combined with Bayesian classification. (Master's thesis). Al Akhawayn University. (2014).
https://search.emarefa.net/detail/BIM-646384
American Medical Association (AMA)
Koucham, Walid. (2014). Host intrusion detection using system call argument-based clustering combined with Bayesian classification. (Master's thesis). Al Akhawayn University, Morocco
https://search.emarefa.net/detail/BIM-646384
Language
English
Data Type
Arab Theses
Record ID
BIM-646384