Title: A REAL-TIME INTRUSION DETECTION SYSTEM FOR THE WINDOWS ENVIRONMENT
Author(s): Deborah Buckley, Irfan Altas, Jason Howarth
ISBN: 978-972-8924-44-7
Editors: Pedro Isaías, Miguel Baptista Nunes and João Barroso (associate editors Luís Rodrigues and Patrícia Barbosa)
Year: 2007
Edition: V II, 2
Keywords: Intrusion Detection; Data Mining; Probabilistic Cover Coefficient.
Type: Short Paper
First Page: 84
Last Page: 88
Language: English
Paper Abstract:

This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.