JIS Vol. 2 No. 4, October 2011
Tanimoto Based Similarity Measure for Intrusion Detection System
ABSTRACT
In this paper we introduce a Tanimoto-based similarity measure for host-based intrusion detection that uses a binary feature set for training and classification. The k-nearest neighbor (kNN) classifier is used to classify a given process as either normal or attack. The experiments are conducted on the DARPA-1998 intrusion detection database, and the results are compared with other existing techniques. The introduced similarity measure shows promising results, achieving a lower false positive rate at a 100% detection rate.
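As an added illustration (not code from the paper), the following sketch scores a process by its Tanimoto similarity to known-normal processes and applies a kNN decision. The system-call traces are constructed, and the decision rule (mean similarity to the k nearest normal processes compared against a threshold), `k=3` and `threshold=0.6` are assumptions, since the abstract does not state them.

```python
# Added example: Tanimoto similarity over binary system-call features with a
# kNN decision. Traces, k and threshold are constructed/assumed values.

def binary_features(trace):
    """Binary feature set: which system calls occur in the process at all."""
    return frozenset(trace)

def tanimoto(a, b):
    """|A & B| / |A | B| for two binary feature sets; 1.0 if both are empty."""
    union = len(a | b)
    return len(a & b) / union if union else 1.0

def knn_score(sample, training, k):
    """Mean Tanimoto similarity to the k most similar training processes."""
    if not training or k < 1:
        raise ValueError("need a non-empty training set and k >= 1")
    sims = sorted((tanimoto(sample, t) for t in training), reverse=True)
    top = sims[:k]
    return sum(top) / len(top)

def classify(trace, training, k=3, threshold=0.6):
    """Label a process 'normal' if it is close enough to its k nearest
    normal neighbours, otherwise 'attack' (assumed decision rule)."""
    score = knn_score(binary_features(trace), training, k)
    return ("normal" if score >= threshold else "attack"), score

# Constructed traces standing in for normal processes from an audit log.
NORMAL_TRACES = [
    ["open", "read", "mmap", "close", "exit"],
    ["open", "read", "write", "close", "exit"],
    ["open", "stat", "read", "close", "exit"],
    ["open", "read", "mmap", "write", "close", "exit"],
]
TRAINING = [binary_features(t) for t in NORMAL_TRACES]

if __name__ == "__main__":
    samples = (
        ["open", "read", "read", "close", "exit"],                # constructed, benign-looking
        ["open", "setuid", "chmod", "execve", "fork", "exit"],    # constructed, unusual call set
    )
    for trace in samples:
        label, score = classify(trace, TRAINING)
        print(f"{label:6s} score={score:.2f} calls={sorted(set(trace))}")
```

Because the features are binary, repeated calls in a trace do not change the score; only the set of distinct system calls matters. Raising the threshold trades a higher false positive rate for earlier detection of processes that deviate only slightly from normal behaviour.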

Cite this paper
A. Sharma and S. Lal, "Tanimoto Based Similarity Measure for Intrusion Detection System," Journal of Information Security, Vol. 2 No. 4, 2011, pp. 195-201. doi: 10.4236/jis.2011.24019.