A real-time intrusion detection system for the Windows environment

Deborah Buckley, Irfan Altas, Jason Howarth

Research output: Book chapter/Published conference paper (Conference paper)


Abstract

This paper presents a prototype real-time intrusion detection system (IDS) for the Windows platform. It combines data mining and intrusion detection techniques to detect intrusions from sequences of native API calls. It analyses Windows native API calls in real-time using the probabilistic cover coefficient clustering algorithm. We intentionally used a simple, computationally-fast algorithm that is able to incorporate historical data into the detection process while still allowing the IDS to run in real-time. We demonstrate our prototype using artificial intrusion sequences. Although the test data produced a number of false positives, no false negatives were recorded.
Original language: English
Title of host publication: IADIS 2007
Subtitle of host publication: WWW/Internet
Editors: João Barroso
Place of Publication: secretariat@iadis.org
Publisher: IADIS Press
Pages: 84-88
Number of pages: 5
Volume: 2
ISBN (Electronic): 9789728924447
Publication status: Published - 2007
Event: International Association for Development of the Information Society (IADIS) Conference - Villa-Real, Portugal, Portugal
Duration: 05 Oct 2007 to 08 Oct 2007

Conference

Conference: International Association for Development of the Information Society (IADIS) Conference
Country: Portugal
Period: 05/10/07 to 08/10/07


  • Cite this

    Buckley, D., Altas, I., & Howarth, J. (2007). A real-time intrusion detection system for the Windows environment. In J. Barroso (Ed.), IADIS 2007: WWW/Internet (Vol. 2, pp. 84-88). IADIS Press.