Intrusion detection system in commands sequences applying one versus rest methodology
Abstract:
The main objective of this work is to develop an intrusion detection algorithm for command sequences. These sequences are based on user behavior, to which several classification techniques are applied. This algorithm achieves precision in the identification of fraudulent activities. To develop this algorithm, we have worked with a public database called Unix Commands. In addition, the model applies multiple machine learning techniques such as decision tree C4.5, UCS, and Multilayer Neural Network. In this paper we use two forms of data classification. The first form uses the entire dataset with the 7 users, with the difference that the model applies either 5 commands or 16 commands. The model identifies the information of a user and labels it as normal; otherwise, the user is labeled as an intruder (5 commands - 2 classes, 16 commands - 2 classes). The second form uses the dataset by sequential discrimination (discrimination in the form of a decision tree). This methodology is used in the multiclass classification called one versus rest (OVR) (5 commands-OVR, 16 commands-OVR). The algorithm has obtained optimal results in the classification and a low false positive rate.
Year of publication:
2018
Keywords:
- UCS
- intrusion detection
- Decision Trees
- User behavior
- Neural networks
Source:
Document type:
Conference Object
Status:
Restricted access
Knowledge areas:
- Computer science
Subject areas:
- Computer programming, programs, data, security
- Criminology
- Precision instruments and other devices