An Integrated Pattern Recognition Approach for Intrusion Detection

Abstract

Intrusion detection systems (IDS) attempt to address the vulnerability of computer-based systems to abuse by insiders and to penetration by outsiders. An IDS is required to examine an enormous amount of data generated by computer networks to assist in the abuse detection process. Thus, there is a need to develop automated tools that address these requirements to assist system operators in the detection of violations of existing security policies. In this research, an automated IDS is proposed for insider threats in a distributed system. The proposed IDS functions as an anomaly detector for insider system operations based on the analysis of the system's log files. The approach integrates dynamic programming and adaptive resonance theory (ART1) clustering. The integrated approach aligns sequences of log events with prototypical sequences of events for performing tasks and classifies the aligned sequences for intrusion detection. The system examined for this research is a Boots System for controlling the movement of boots from one place to another under specific security restrictions related to the boot orders. We present the proposed model, the results achieved and the analysis of an implemented prototype.

Department(s)

Electrical and Computer Engineering

Second Department

Computer Science

Keywords and Phrases

Automated Pattern Recognition; Security Measures; Theoretical Models; Adaptive Resonance Theory; Dynamic Programming; Insider Threat; Algorithms

International Standard Serial Number (ISSN)

0067-8856

Document Type

Article - Journal

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2002 ISA - Instrumentation, Systems, and Automation Society, All rights reserved.

Publication Date

01 Feb 2002
