Use of K-Nearest Neighbor classifier for intrusion detection

Cited by: 469
Authors
Liao, YH [1]
Vemuri, VR [1]
Affiliations
[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA
Keywords
k-Nearest Neighbor classifier; intrusion detection; system calls; text categorization; program profile
DOI
10.1016/S0167-4048(02)00514-X
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Program behavior, in turn, is represented by frequencies of system calls. Each system call is treated as a word and the collection of system calls over each program execution as a document. These documents are then classified using the kNN classifier, a popular method in text categorization. This method seems to offer some computational advantages over those that seek to characterize program behavior with short sequences of system calls and generate individual program profiles. Preliminary experiments with 1998 DARPA BSM audit data show that the kNN classifier can effectively detect intrusive attacks and achieve a low false positive rate.
Pages: 439-448
Page count: 10