http://dx.doi.org/10.13089/JKIISC.2006.16.1.115

Sequence based Intrusion Detection using Similarity Matching of the Multiple Sequence Alignments  

Kim Yong-Min (Div. of Information Technology, Yeosu National University)
Abstract
Most intrusion detection methods are based on misuse detection, which accumulates known intrusion information and decides whether given behavior data constitutes an attack. However, it is very difficult to detect a new or modified attack using only the collected patterns of attack behaviors. Therefore, considering that anomaly behavior detection in practice has a high false detection rate, a new approach is required for very large sequence-based intrusion patterns. Such an approach can improve the likelihood of detecting known attacks as well as modified and unknown attacks, in addition to measuring the similarity of intrusion patterns. This paper proposes a method that applies the multiple sequence alignment technique to similarity matching of sequence-based intrusion patterns. It enables statistical analysis of sequence patterns and can be implemented easily. The method also reduces the number of detection alerts and false detections for attacks as the sequence size changes.
Keywords
Multiple Sequence Alignments; Similarity Matching; Sequence based Intrusion Detection;