TY - GEN
T1 - Suppressing false alarms of intrusion detection using improved text categorization method
AU - Zhang, Zonghua
AU - Shen, Hong
PY - 2004
Y1 - 2004
N2 - Although some text processing techniques can be employed for intrusion detection based on the characterization of the frequencies of the system calls executed by privileged programs, and achieve satisfactory detection accuracy, high false alarm rates make them hardly practicable in real life. In this paper, we modify the traditional tf-idf weighting method to suppress false alarms by considering the necessary information between the processes and sessions. Preliminary experiments with 1998 DARPA BSM audit data show that our modified method can suppress the high false alarm rate effectively while maintaining satisfactory detection accuracy, which thus makes text categorization approaches more practicable for intrusion detection.
AB - Although some text processing techniques can be employed for intrusion detection based on the characterization of the frequencies of the system calls executed by privileged programs, and achieve satisfactory detection accuracy, high false alarm rates make them hardly practicable in real life. In this paper, we modify the traditional tf-idf weighting method to suppress false alarms by considering the necessary information between the processes and sessions. Preliminary experiments with 1998 DARPA BSM audit data show that our modified method can suppress the high false alarm rate effectively while maintaining satisfactory detection accuracy, which thus makes text categorization approaches more practicable for intrusion detection.
UR - http://www.scopus.com/inward/record.url?scp=4544293260&partnerID=8YFLogxK
U2 - 10.1109/eee.2004.1287303
DO - 10.1109/eee.2004.1287303
M3 - Conference contribution
AN - SCOPUS:4544293260
SN - 0769520731
SN - 9780769520735
T3 - Proceedings - 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, EEE 2004
SP - 163
EP - 166
BT - Proceedings - 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, EEE 2004
PB - IEEE Computer Society
T2 - Proceedings - 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, EEE 2004
Y2 - 28 March 2004 through 31 March 2004
ER -