In this study we address the problem of detecting new types of intrusions to computer systems which cannot be handled by widely implemented knowledge-based mechanisms. The solutions offered by behavior-based prototypes either suffer low accuracy and low completeness or require use data eplaining abnormal behavior which actually is not available. Our aim is to develop an algorithm which can produce a satisfactory model of the target system&rsquo / s behavior in the absence of negative data.
First, we design and develop an intelligent and behavior-based detection mechanism using genetic-based machine learning techniques with subsidies in the Bucket Brigade Algorithm. It classifies the possible system states to be normal and abnormal and interprets the abnormal state observations as evidences for the presence of an intrusion.
Next we provide another algorithm which focuses on capturing normal behavior of the target system to detect intrusions again by identifying anomalies. A compact and highly complete rule set is generated by continuously inserting observed states as rules into the rule set and combining similar rule pairs in each step.
Experiments conducted using the KDD-99 data set have produced fairly good results for both of the algorihtms.
| Identifer | oai:union.ndltd.org:METU/oai:etd.lib.metu.edu.tr:http://etd.lib.metu.edu.tr/upload/2/12606636/index.pdf |
| Date | 01 September 2005 |
| Creators | Ozbey, Halil |
| Contributors | Sen, Tayyar D |
| Publisher | METU |
| Source Sets | Middle East Technical Univ. |
| Language | English |
| Detected Language | English |
| Type | M.S. Thesis |
| Format | text/pdf |
| Rights | To liberate the content for METU campus |
Page generated in 0.0101 seconds