Abstract
In this paper we describe anomaly-based intrusion detection as a specialized case of the more general behavior detection problem. We draw concepts from the field of ethology to help us describe and characterize behavior and interactions. We briefly introduce a general framework for behavior detection and an algorithm for building a Markov-based model of behavior. We then apply the framework to create a proof-of-concept intrusion detection system (IDS) that distinguishes normal from intrusive behavior.
Work partially supported by the FIRB-Perf Italian project.
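The abstract describes building a Markov-based model of behavior and using it to separate normal from intrusive activity. The following Python sketch is an added illustration of that idea, not the paper's own algorithm (which is not reproduced on this page): it fits a first-order Markov chain over discrete behavioral units, here system-call names from constructed, hypothetical traces, smooths the transition estimates so that a never-seen transition is improbable rather than impossible, scores a new trace by its mean per-transition negative log-likelihood, and calibrates an alarm threshold from the worst score observed on the training data. All trace contents, the smoothing constant and the slack value are assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from math import log

# Constructed sample data (not from the paper): system-call sequences a
# hypothetical process emits during normal operation.
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["stat", "open", "read", "close"],
    ["open", "write", "write", "close"],
]

START, END = "<s>", "</s>"  # sentinel units marking trace boundaries


class MarkovBehaviorModel:
    """First-order Markov chain over discrete behavioral units.

    Transition probabilities are estimated from training traces with
    add-alpha smoothing, so an unseen transition gets a small but non-zero
    probability (a hard zero would turn every novel pair into log(0)).
    """

    def __init__(self, alpha=0.1):
        self.alpha = alpha                 # smoothing constant (assumed value)
        self.counts = defaultdict(Counter)  # counts[a][b] = times a was followed by b
        self.alphabet = set()

    def fit(self, traces):
        for trace in traces:
            events = [START] + list(trace) + [END]
            self.alphabet.update(events)
            for a, b in zip(events, events[1:]):
                self.counts[a][b] += 1
        return self

    def transition_prob(self, a, b):
        # .get() avoids inserting a new row for an event never seen in training.
        row = self.counts.get(a, Counter())
        total = sum(row.values())
        vocab = len(self.alphabet) + 1  # +1 reserves mass for never-seen events
        return (row[b] + self.alpha) / (total + self.alpha * vocab)

    def score(self, trace):
        """Mean per-transition negative log-likelihood; higher = more anomalous.

        Averaging over the number of transitions keeps long and short traces
        comparable against a single threshold.
        """
        events = [START] + list(trace) + [END]
        nll = -sum(log(self.transition_prob(a, b))
                   for a, b in zip(events, events[1:]))
        return nll / (len(events) - 1)


def calibrate_threshold(model, traces, slack=1.0):
    """Alarm threshold: worst score seen on normal training traces plus slack."""
    return max(model.score(t) for t in traces) + slack


def classify(model, trace, threshold):
    return "intrusive" if model.score(trace) > threshold else "normal"


def demo():
    model = MarkovBehaviorModel().fit(NORMAL_TRACES)
    threshold = calibrate_threshold(model, NORMAL_TRACES)
    # Constructed suspicious trace: a file reader suddenly spawning a network client.
    suspicious = ["open", "execve", "socket", "connect"]
    return {
        "threshold": threshold,
        "normal": classify(model, NORMAL_TRACES[0], threshold),
        "suspicious": classify(model, suspicious, threshold),
    }


if __name__ == "__main__":
    print(demo())
```

The trace that introduces unseen units (`execve`, `socket`, `connect`) scores far above anything in the training set and is flagged, while every training trace is, by construction of the threshold, classified as normal. In practice the threshold should be calibrated on held-out normal data rather than the training traces themselves, otherwise the false-positive rate on genuinely new but benign behavior is underestimated.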
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zanero, S. (2004). Behavioral Intrusion Detection. In: Aykanat, C., Dayar, T., Körpeoğlu, İ. (eds) Computer and Information Sciences - ISCIS 2004. ISCIS 2004. Lecture Notes in Computer Science, vol 3280. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30182-0_66
DOI: https://doi.org/10.1007/978-3-540-30182-0_66
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23526-2
Online ISBN: 978-3-540-30182-0