Suppressing false alarms of intrusion detection using improved text categorization method

Zonghua Zhang, Hong Shen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)

Abstract

Although some text processing techniques can be employed for intrusion detection based on the characterization of the frequencies of the system calls executed by privileged programs, and achieve satisfactory detection accuracy, high false alarm rates make them hardly practicable in real life. In this paper, we modified the traditional tf-idf weighting method to suppress false alarms by considering the necessary information between the processes and sessions. Preliminary experiments with 1998 DARPA BSM audit data show that our modified method can suppress high false alarms effectively while maintaining satisfactory detection accuracy, which thus makes text categorization approaches more practicable for intrusion detection.

Original language: English
Title of host publication: Proceedings - 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, EEE 2004
Publisher: IEEE Computer Society
Pages: 163-166
Number of pages: 4
ISBN (Print): 0769520731, 9780769520735
Publication status: Published - 2004
Externally published: Yes
Event: Proceedings - 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, EEE 2004 - Taipei, Taiwan, Province of China
Duration: 28 Mar 2004 to 31 Mar 2004
