20th Annual Computer Security Applications Conference (ACSAC'04) Visualizing and Identifying Intrusion Context from System Calls Trace Tucson, Arizona December 06-December 10 ISBN: 0-7695-2252-1
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.48
Anomaly-based Intrusion Detection (AID) techniques are useful for detecting novel intrusions without known signatures. However, AID techniques suffer from higher false alarm rate compared to signature-based intrusion detection techniques. In this paper, the concept of intrusion context identification is introduced to address the problem. The identification of the intrusion conext can help to significantly enhance the detection rate and lower the false alarm rate of AID techniques. To evaluate the effectiveness of the concept, a simple but representative scheme for intrusion context identification is proposed, in which the anomalies in the intrusive datasets are visualized first, and then the intrusion contexts are identified from the visualized anomalies. The experimental results show that using the scheme, the intrusion contexts can be visualized and extracted from the audit trails correctly. In addition, as an application of the visualized anomalies, an implicit design drawback in t-stide is found after careful analysis. Finally, based on the identified intrusion context and the efficiency comparison, several findings are made which can offer useful insights and benefit future research on AID techniques.
Citation:
Zhuowei Li, Amitabha Das, "Visualizing and Identifying Intrusion Context from System Calls Trace," acsac, pp.61-70, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004 Usage of this product signifies your acceptance of the Terms of Use. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb