A Host-Based Anomaly Intrusion Detection Model Based
on Genetic Programming
P. Su, D. Li, and D. Feng. Journal of Software, 14 (6):
1120--1126 (2003)
Abstract
Anomaly Detection techniques assume all intrusive
activities deviate from the norm. In this paper a new
anomaly detection model is found to improve the
veracity and efficiency. The proposed model
establishes a normal activity profile of the
system call sequences by using Genetic Programming. One
instance of the model monitors one process. If the
model finds the real system call sequences profile of
the process deviating from the normal activity profile,
it will flag the process as intrusive and take some
actions to respond to it. And a new method of
calculating the fitness and two operators to generate
the next offspring are provided. According to the
comparison with some of current models, the model is
more veracious and more efficient.
URL broken 27 Sep 2004.
SU Pu-Rui, LI De-Quan, FENG Deng-Guo (State Key
Laboratory of Information Security, Institute of
Software, The Chinese Academy of Sciences, Beijing
100080, China)
Authors information: SU Pu-Rui was born in 1976. He is
a Ph.D. candidate at the Institute of Software, the
Chinese Academy of Sciences. His research interest is
network security. LI De-Quan was born in 1969. He is a
Ph.D. candidate at the Institute of Software, the
Chinese Academy of Sciences. His research interest is
network security.
FENG Deng-Guo was born in 1965. He is a professor and
doctoral supervisor at the Institute of Software, the
Chinese Academy of Sciences. His research area is
information security.
Corresponding author: SU Pu-Rui, Phn: 86-10-62528254
ext 801, Fax 86-10-62520469, E-mail: supurui@263.net
%0 Journal Article
%1 Su2003
%A Su, Pu-Rui
%A Li, De-Quan
%A Feng, Deng-Guo
%D 2003
%J Journal of Software
%K algorithms, genetic programming
%N 6
%P 1120--1126
%T A Host-Based Anomaly Intrusion Detection Model Based
on Genetic Programming
%U http://www.jos.org.cn/1000-9825/14/1120.pdf
%V 14
%X Anomaly Detection techniques assume all intrusive
activities deviate from the norm. In this paper a new
anomaly detection model is found to improve the
veracity and efficiency. The proposed model
establishes a normal activity profile of the
system call sequences by using Genetic Programming. One
instance of the model monitors one process. If the
model finds the real system call sequences profile of
the process deviating from the normal activity profile,
it will flag the process as intrusive and take some
actions to respond to it. And a new method of
calculating the fitness and two operators to generate
the next offspring are provided. According to the
comparison with some of current models, the model is
more veracious and more efficient.
@article{Su2003,
abstract = {Anomaly Detection techniques assume all intrusive
activities deviate from the norm. In this paper a new
anomaly detection model is found to improve the
veracity and efficiency. The proposed model
establishes a normal activity profile of the
system call sequences by using Genetic Programming. One
instance of the model monitors one process. If the
model finds the real system call sequences profile of
the process deviating from the normal activity profile,
it will flag the process as intrusive and take some
actions to respond to it. And a new method of
calculating the fitness and two operators to generate
the next offspring are provided. According to the
comparison with some of current models, the model is
more veracious and more efficient.},
abstract-url = {http://www.jos.org.cn/1000-9825/14/1120.htm},
added-at = {2008-06-19T17:46:40.000+0200},
author = {Su, Pu-Rui and Li, De-Quan and Feng, Deng-Guo},
biburl = {https://www.bibsonomy.org/bibtex/24ed8926eb9c092bc3c5904cdf8a8377f/brazovayeye},
coden = {RUXUEW},
email = {supurui@263.net},
interhash = {f8c75a7e4025c1382c3daeb7bd6e7efd},
intrahash = {4ed8926eb9c092bc3c5904cdf8a8377f},
issn = {1000-9825},
journal = {Journal of Software},
keywords = {algorithms, genetic programming},
language = {English},
notes = {URL broken 27 Sep 2004.
SU Pu-Rui, LI De-Quan, FENG Deng-Guo (State Key
Laboratory of Information Security, Institute of
Software, The Chinese Academy of Sciences, Beijing
100080, China)
Authors information: SU Pu-Rui was born in 1976. He is
a Ph.D. candidate at the Institute of Software, the
Chinese Academy of Sciences. His research interest is
network security. LI De-Quan was born in 1969. He is a
Ph.D. candidate at the Institute of Software, the
Chinese Academy of Sciences. His research interest is
network security.
FENG Deng-Guo was born in 1965. He is a professor and
doctoral supervisor at the Institute of Software, the
Chinese Academy of Sciences. His research area is
information security.
Corresponding author: SU Pu-Rui, Phn: 86-10-62528254
ext 801, Fax 86-10-62520469, E-mail: supurui@263.net},
number = 6,
pages = {1120--1126},
timestamp = {2008-06-19T17:52:25.000+0200},
title = {A Host-Based Anomaly Intrusion Detection Model Based
on Genetic Programming},
url = {http://www.jos.org.cn/1000-9825/14/1120.pdf},
volume = 14,
year = 2003
}