A real-time intrusion detection system for the Windows environment

Deborah Buckley; Irfan Altas; Jason Howarth

A real-time intrusion detection system for the Windows environment

Deborah Buckley, Irfan Altas, Jason Howarth

Research output: Book chapter/Published conference paper › Conference paper › peer-review

91 Downloads (Pure)

Abstract

This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.

Original language	English
Title of host publication	IADIS 2007
Subtitle of host publication	WWW/Internet
Editors	JoÃ£o Barroso
Place of Publication	[email protected]
Publisher	IADIS Press
Pages	84-88
Number of pages	5
Volume	2
ISBN (Electronic)	9789728924447
Publication status	Published - 2007
Event	International Association for Developement of the Information Society (IADIS) Conference - Villa-Real, Portugal, Portugal Duration: 05 Oct 2007 → 08 Oct 2007

Conference

Conference	International Association for Developement of the Information Society (IADIS) Conference
Country/Territory	Portugal
Period	05/10/07 → 08/10/07

Access to Document

CSU277551Accepted author manuscript, 250 KB

Cite this

@inproceedings{592b79d00ab54b4d88fb9a97a43c56bd,

title = "A real-time intrusion detection system for the Windows environment",

abstract = "This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.",

keywords = "Open access version available, Data Mining, Intrusion Detection, Probabilistic Cover Coefficient",

author = "Deborah Buckley and Irfan Altas and Jason Howarth",

note = "Imported on 03 May 2017 - DigiTool details were: publisher = [email protected]: IADIS Press, 2007. editor/s (773b) = Isa{\~A}as, Pedro Nunes, Miguel Baptista and Barroso, Jo{\~A}£o; Event dates (773o) = 5-8 Oct 2007; Parent title (773t) = International Association for Developement of the Information Society (IADIS) Conference.; International Association for Developement of the Information Society (IADIS) Conference ; Conference date: 05-10-2007 Through 08-10-2007",

year = "2007",

language = "English",

volume = "2",

pages = "84--88",

editor = "Jo{\~A}£o Barroso",

booktitle = "IADIS 2007",

publisher = "IADIS Press",

}

TY - GEN

T1 - A real-time intrusion detection system for the Windows environment

AU - Buckley, Deborah

AU - Altas, Irfan

AU - Howarth, Jason

N1 - Imported on 03 May 2017 - DigiTool details were: publisher = [email protected]: IADIS Press, 2007. editor/s (773b) = IsaÃas, Pedro Nunes, Miguel Baptista and Barroso, JoÃ£o; Event dates (773o) = 5-8 Oct 2007; Parent title (773t) = International Association for Developement of the Information Society (IADIS) Conference.

PY - 2007

Y1 - 2007

N2 - This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.

AB - This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.

KW - Open access version available

KW - Data Mining

KW - Intrusion Detection

KW - Probabilistic Cover Coefficient

M3 - Conference paper

VL - 2

SP - 84

EP - 88

BT - IADIS 2007

A2 - Barroso, JoÃ£o

PB - IADIS Press

CY - [email protected]

T2 - International Association for Developement of the Information Society (IADIS) Conference

Y2 - 5 October 2007 through 8 October 2007

ER -

A real-time intrusion detection system for the Windows environment

Abstract

Conference

Access to Document

Fingerprint

Cite this