完整後設資料紀錄
DC 欄位語言
dc.contributor.authorPao, Hsing-Kuoen_US
dc.contributor.authorLee, Fong-Rueien_US
dc.contributor.authorLee, Yuh-Jyeen_US
dc.date.accessioned2019-04-02T06:00:15Z-
dc.date.available2019-04-02T06:00:15Z-
dc.date.issued2019-01-01en_US
dc.identifier.issn1016-2364en_US
dc.identifier.urihttp://dx.doi.org/10.6688/JISE.201901_35(1).0012en_US
dc.identifier.urihttp://hdl.handle.net/11536/148765-
dc.description.abstractWe propose an intrusion detection method that can deal with interleaved event inputs. The event sequences may be alert sequences in a network or running processes on a host which are both considered to contain mixed behaviors with unpredictable orders in the temporal domain. To detect intrusions with interleaved event sequences, one of the major difficulties is to separate the interleaved events that are produced by different users or for different intentions. We propose a novel ATM algorithm to extract subsequences that characterize different behaviors; afterwards, a method that is based on graph representation is used to detect intrusions. In a network, there could be intruders who plan a DDoS attack on an environment that has mostly benign users. The proposed method can distinguish between different pieces of network data that represent different behaviors and locate where the intrusion is. On a host, users without enough privilege may inappropriately gain access to data that they are not supposed to see. The proposed method can detect the event subsequence that is associated with the unauthorized activity given a usage sequence from users such as process, command or log sequences. Given the network or host-based data, the experiment results show that the proposed method can reach high precision and recall rates at the same time in the intrusion detection task. Moreover, the graphs produced by the proposed ATM method are also compared to the graphs generated from other methods to confirm that the ATM-based graph representation indeed describes meaningful transitions between events.en_US
dc.language.isoen_USen_US
dc.subjectevent sequenceen_US
dc.subjecthost-based intrusionen_US
dc.subjectinterleaved eventen_US
dc.subjectintrusion detectionen_US
dc.subjectnetwork-based intrusionen_US
dc.titleDealing with Interleaved Event Inputs for Intrusion Detectionen_US
dc.typeArticleen_US
dc.identifier.doi10.6688/JISE.201901_35(1).0012en_US
dc.identifier.journalJOURNAL OF INFORMATION SCIENCE AND ENGINEERINGen_US
dc.citation.volume35en_US
dc.citation.spage223en_US
dc.citation.epage242en_US
dc.contributor.department應用數學系zh_TW
dc.contributor.departmentDepartment of Applied Mathematicsen_US
dc.identifier.wosnumberWOS:000456642000012en_US
dc.citation.woscount0en_US
顯示於類別:期刊論文