Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (PAIDS)

Abstract

Most intrusion detection systems rely on signature matching of known malware or anomaly discrimination by data mining historical network traffic. This renders defended systems vulnerable to new or polymorphic code and deceptive attacks that do not trigger anomaly alarms. A lightweight, self-aware intrusion detection system (IDS) is essential for the security of government and commercial networks, especially mobile ad-hoc networks (MANETs) with relatively limited processing power. This research proposes a host-based, anomaly discrimination IDS using operating system process parameters to measure the "health" of individual systems. Principal Component Analysis (PCA) is employed for feature set selection and dimensionality reduction, while Mahalanobis Distance (MD) is used to classify legitimate and illegitimate activity. This combination of statistical methods provides an efficient computer operating process anomaly intrusion detection system (PAIDS) that maximizes detection rate and minimizes false positive rate, while updating its sense of "self" in near-real-time.
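As an added illustration, not code from Shilland's report, the classification step the abstract describes: the Mahalanobis distance of an OS process-parameter reading from a sliding-window baseline of readings already judged normal, so the model's sense of "self" updates as it runs. The feature set (cpu_pct, rss_mb, threads, handles), the sample readings and the threshold are constructed, and the PCA reduction step is omitted so the distance is computed over the raw four features.

```python
from collections import deque
from math import sqrt

def fit(rows):
    """Baseline 'self': mean vector and inverse covariance of normal readings."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[i] for r in rows) / n for i in range(d)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            for j in range(d)] for i in range(d)]
    return mu, invert(cov)

def invert(m):
    """Gauss-Jordan inverse; no pivoting needed for a positive-definite covariance."""
    d = len(m)
    a = [row[:] + [float(i == j) for j in range(d)] for i, row in enumerate(m)]
    for c in range(d):
        pv = a[c][c]
        a[c] = [x / pv for x in a[c]]
        for r in range(d):
            if r != c:
                f = a[r][c]
                a[r] = [x - f * y for x, y in zip(a[r], a[c])]
    return [row[d:] for row in a]

def mahalanobis(x, mu, cov_inv):
    """sqrt(diff^T S^-1 diff): distance from the mean in units of the baseline's spread."""
    diff = [xi - mi for xi, mi in zip(x, mu)]
    return sqrt(sum(di * sum(m * dj for m, dj in zip(row, diff)) for di, row in zip(diff, cov_inv)))

def score_stream(baseline, samples, threshold, window=64):
    """Return ([(distance, is_anomaly), ...], size of 'self'); only normal readings retrain it."""
    self_ = deque(baseline, maxlen=window)
    mu, cov_inv = fit(list(self_))
    results = []
    for x in samples:
        dist = mahalanobis(x, mu, cov_inv)
        anomalous = dist > threshold
        if not anomalous:  # a flagged reading never joins the window, so it cannot drift the baseline
            self_.append(x)
            mu, cov_inv = fit(list(self_))
        results.append((round(dist, 2), anomalous))
    return results, len(self_)

# Constructed readings of (cpu_pct, rss_mb, threads, handles) for one monitored process.
BASELINE = [(2.0, 120.0, 8, 210), (3.5, 124.0, 9, 215), (1.5, 118.0, 8, 205),
            (4.0, 130.0, 10, 220), (2.5, 122.0, 9, 208), (3.0, 126.0, 8, 218),
            (1.0, 116.0, 7, 202), (2.0, 128.0, 10, 212)]
SAMPLES = [(3.0, 126.0, 8, 218), (97.0, 1450.0, 260, 8800)]  # a repeat of a normal state, then a runaway process
THRESHOLD = 3.5  # constructed; roughly sqrt of the 99% chi-square quantile for four features
```

Because the window refits after every accepted reading, the cost per sample is one d×d inversion, which is what keeps the approach feasible on the low-power hosts the abstract targets.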

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2009
Accession Number
ADA500331

Entities

People

  • Glen R. Shilland

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computational Science
  • Computer Crime
  • Computer Networks
  • Computer Programming
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Data Mining
  • Detectors
  • Dimensionality Reduction
  • Information Processing
  • Information Science
  • Intrusion Detectors
  • Machine Learning
  • Network Science
  • Operating Systems
  • Personnel Management

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Regression Analysis

Technology Areas

  • AI & ML
  • Cyber