Behavioral Intrusion Detection

  • Conference paper
Computer and Information Sciences - ISCIS 2004 (ISCIS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3280)
Abstract

In this paper we describe anomaly-based intrusion detection as a specialized case of the more general behavior detection problem. We draw concepts from the field of ethology to help us describe and characterize behavior and interactions. We briefly introduce a general framework for behavior detection and an algorithm for building a Markov-based model of behavior. We then apply the framework to create a proof-of-concept intrusion detection system (IDS) that can detect normal and intrusive behavior.
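The abstract describes a Markov-based model of behavior used to separate normal from intrusive activity. The following is an added example, not code from the paper or its authors: it fits a first-order Markov chain to constructed traces of coarse process events, scores a new trace by its average log-probability under the chain, and flags traces that fall below a threshold calibrated on the training traces. The event alphabet, the additive smoothing constant and the threshold rule are illustrative assumptions; the paper's own algorithm is not reproduced on this page.

```python
"""Added example (not from the paper): a first-order Markov chain as a model
of normal behavior for anomaly-based intrusion detection.

Design assumptions (not taken from the paper): maximum-likelihood transition
estimates with additive smoothing, an average per-event log-probability as
the normality score, and a threshold set just below the least likely
training trace. All traces below are constructed sample data.
"""
from __future__ import annotations

import math
from collections import Counter, defaultdict

# Constructed sample: each trace is one process's sequence of coarse
# behavioral events (think system-call categories), recorded during normal use.
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "read", "close"],
    ["stat", "open", "read", "close"],
    ["open", "write", "write", "close"],
]


class MarkovBehaviorModel:
    """First-order Markov chain over a discrete event alphabet."""

    def __init__(self, alpha: float = 0.1) -> None:
        # Additive smoothing: unseen transitions get a small but non-zero
        # probability, so a single new event does not yield log(0).
        self.alpha = alpha
        self.symbols: set[str] = set()
        self.initial: Counter = Counter()
        self.transitions: dict[str, Counter] = defaultdict(Counter)

    def fit(self, traces) -> "MarkovBehaviorModel":
        for trace in traces:
            self.symbols.update(trace)
            self.initial[trace[0]] += 1
            for a, b in zip(trace, trace[1:]):
                self.transitions[a][b] += 1
        return self

    def _prob(self, counter: Counter, symbol: str) -> float:
        # Smooth over the known alphabet plus one extra slot so that a symbol
        # never seen in training is still scorable (it shares that slot).
        k = len(self.symbols) + 1
        total = sum(counter.values())
        return (counter.get(symbol, 0) + self.alpha) / (total + self.alpha * k)

    def score(self, trace) -> float:
        """Average log-probability per event; higher means more normal."""
        if not trace:
            raise ValueError("empty trace")
        logp = math.log(self._prob(self.initial, trace[0]))
        for a, b in zip(trace, trace[1:]):
            # .get avoids inserting a new state into the defaultdict when scoring.
            logp += math.log(self._prob(self.transitions.get(a, Counter()), b))
        return logp / len(trace)

    def is_anomalous(self, trace, threshold: float) -> bool:
        return self.score(trace) < threshold


def build_detector(traces=NORMAL_TRACES, alpha: float = 0.1, margin: float = 0.5):
    """Fit the model and derive a threshold from the training traces.

    The threshold is the lowest training score minus a margin, so every
    training trace is classified as normal and only traces that are clearly
    less likely than any observed one are flagged.
    """
    model = MarkovBehaviorModel(alpha).fit(traces)
    threshold = min(model.score(t) for t in traces) - margin
    return model, threshold


if __name__ == "__main__":
    model, threshold = build_detector()
    print(f"threshold = {threshold:.3f}")
    for trace in [
        ["stat", "open", "write", "close"],            # unusual order, known events
        ["open", "exec", "connect", "write", "close"],  # events never seen in training
    ]:
        print(trace, f"score={model.score(trace):.3f}",
              "ANOMALY" if model.is_anomalous(trace, threshold) else "normal")
```

Two properties matter in practice and the example exercises both: a trace that recombines known events in an unseen order is scored lower than the training traces but stays above the threshold, while a trace introducing events absent from the training data drops well below it. The smoothing constant and the margin control how sharply those two cases separate, so they would be tuned on held-out normal data in a real deployment.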

Work partially supported by the FIRB-Perf Italian project.


© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Zanero, S. (2004). Behavioral Intrusion Detection. In: Aykanat, C., Dayar, T., Körpeoğlu, İ. (eds) Computer and Information Sciences - ISCIS 2004. ISCIS 2004. Lecture Notes in Computer Science, vol 3280. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30182-0_66

  • DOI: https://doi.org/10.1007/978-3-540-30182-0_66

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23526-2

  • Online ISBN: 978-3-540-30182-0

  • eBook Packages: Springer Book Archive
