Registry access anomaly detection system based on the rough set algorithm

Abstract

With the rapid growth and the popularization of the Internet, network security problems become increasingly serious. This paper analyzes the impact on several malicious codes on registry access behaviour and builds a rough set of algorithms-based registry access intrusion detection systems. Related attributes are constructed considering both the time sequence attribute and one-time access attribute as our input of the training module. Attribute reduction and rules extraction using rough sets algorithms give the registry access to normal behaviour modal. Experiments show that the system differentiates normal and abnormal registry behaviour successfully.