Improving the efficiency of intrusion detection in information systems-Reference-Cited by-同舟云学术

Improving the efficiency of intrusion detection in information systems

Published:2022-01-01 Issue:1 Volume:31 Page:835-854
ISSN:2191-026X
Container-title:Journal of Intelligent Systems
language:en
Short-container-title:

Author:

Ouarda Lounis¹,Malika Bourenane¹,Yousfi Nacer Eddine²,Brahim Bouderah³

Affiliation:

1. Computer Science Department, Industrial Computing and Networking Laboratory-RIIR, University Oran 1 , 31000, Oran , Ahmed Benbella , Algeria

2. LSV Specification and Verification Laboratory, Computer Science Laboratory of ENS Paris-Saclay (CNRS) , Paris , France

3. Computer Science Department, University of M’sila , M’sila , Algeria

Abstract

Abstract Policy Interaction Graph Analysis is a Host-based Intrusion Detection tool that uses Linux MAC Mandatory access control policy to build the licit information flow graph and uses a detection policy defined by the administrator to extract illicit behaviour from the graph. The main limitation of this tool is the generation of a huge signature base of illicit behaviours; hence, this leads to the use of huge memory space to store it. Our primary goal in this article is to reduce this memory space while keeping the tool’s efficiency in terms of intrusion detection rate and false generated alarms. First, the interactions between the two nodes of the graph were grouped into a single interaction. The notion of equivalence class was used to classify the paths in the graph and was compressed by using a genetic algorithm. Such an approach showed its efficiency compared to the approach proposed by Pierre Clairet, by which the detection rate obtained was 99.9%, and no false-positive with a compression rate of illicit behaviour signature database reached 99.44%. Having these results is one of the critical aspects of realizing successful host-based intrusion detection systems.

Publisher

Walter de Gruyter GmbH

Subject

Artificial Intelligence,Information Systems,Software

Link

https://www.degruyter.com/document/doi/10.1515/jisys-2022-0059/pdf

Reference13 articles.

1. Samrin R, Vasumathi D. Hybrid weighted k-means clustering and artificial neural network for an anomaly-based network intrusion detection system. J Intell Syst. 2018;27(2):135–47.

2. Elmasry W, Akbulut A, Zaim AH. A design of an integrated cloud-based intrusion detection system with third party cloud service. Open Computer Sci. 2021;11(1):365–79.

3. Brifaut J. Formalization and guarantee of system security properties: application to intrusion detection. PhD thesis. Orléans: Orléans University; 2007.

4. Cornabas JR. Formalization of security properties for the protection of operating systems. PhD thesis. Orléans:Orléans University; 2010.

5. Clairet P, Berthomé P, Briffaut J. Signature compression for PIGA IDS, 9th ed. France: MajecSTIC; 2012.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Towards a better similarity algorithm for host-based intrusion detection system;Journal of Intelligent Systems;2023-01-01