
Network Intrusion Detection System Safety Analysis And Related Technologies

Posted on: 2009-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: W Sun
GTID: 2208360242985773
Subject: Computer application technology
Abstract/Summary:
Network security has come under increasing challenge over the past decade, and intrusion detection systems have been developed to monitor system behavior in real time and actively defend systems against new kinds of attacks. Despite this progress, several important problems remain unsolved, especially for host-based intrusion detection systems and intrusion detection systems based on system calls: incorrect models of system behavior, security issues introduced by certain modeling methods, and degraded detection speed and performance. These problems remain on current research agendas.

In this paper, we analyze the security and accuracy of two modeling methods, the transition representation and the frequency representation, and show that both have problems. The former cannot cover a larger detection space, a security vulnerability that lets attackers break through it easily. The latter broadens the concept of normal system behavior, which decreases the accuracy of the behavior model.

We therefore propose a scheme that scans normal system call sequences with a long sliding window and uses non-negative matrix factorization to model normal behavior in a wavelet space. Experiments show that our method not only reaches the same detection rates as conventional algorithms such as STIDE, but also reduces detection time to approach the requirements of real-time detection.

Because noisy data collected in the real world may distort normal behavior and produce an incorrect model of the normal system, we develop a new method to address this problem. To reinforce the efficiency of the overall scheme, we also use non-negative matrix factorization to filter noisy data from the normal corpus. This algorithm is shown to guarantee both the accuracy and the stability of the detection results.
Keywords/Search Tags:Network Security, Intrusion Detection System, System Calls, Unsupervised Classification, Non-negative Matrix Factorization