Information Integration and Assurance Laboratory, IEE594 Presentation
Xiangyang Li, Dept. of Industrial Engineering, Arizona State University, Box 875906, Tempe, AZ 85287-5906, USA
Current People
Director: Dr. Nong Ye
Students, Master's: Syed Masum Emran
Students, Ph.D.: Qiang Chen, Xiangyang Li
Intrusion Detection Technology Study
Enterprise modeling and simulation
Application of Decision Tree Classifier
Normality profile method
Signature recognition method
Label: 0 - normal activity, 1 - attack
IW (Intrusion Warning): 0 - 1
Only the event type information is used (284 event types in Solaris 2.7).
Training data set
Testing data set
Problem Definition (2)
We use one variable to represent one event type, so there are 284 variables for the 284 event types. The sample data set used here has 49 variables. These variables are the predictor variables. Each variable is calculated for each event as:
if the audit event at time t belongs to the ith event type
if the audit event at time t is different from the ith event type
In the transformed data set, variable i records whether event type i occurs in the current moving window.
In the transformed data set, variable i records how many times event type i appears in the current moving window. This count version is the one used in the moving window classifiers on event types.
Remove the part of the transformed data whose windows contain both normal and attack events, since such mixed windows have no single label.
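The following is a worked example of the data transformation described on these slides: per-event indicator variables over event types, moving-window features in both the existence and count forms, and removal of windows that mix normal and attack events. It is added here as an illustration and is not code from the presentation or the laboratory. It assumes the per-event indicator takes the value 1 when the event belongs to type i and 0 otherwise (the slides state the two cases without giving the values), and the event type names and labels in SAMPLE_EVENTS are constructed for the example, not real Solaris 2.7 audit event types.

```python
from collections import Counter

# Constructed sample: a short sequence of audit events as (event_type, label)
# pairs, labelled 0 = normal activity, 1 = attack. Event names are invented
# for illustration and are not the 284 Solaris 2.7 event types.
SAMPLE_EVENTS = [
    ("open", 0), ("read", 0), ("close", 0), ("open", 0),
    ("exec", 0), ("setuid", 1), ("exec", 1), ("open", 1), ("close", 1),
]


def event_types(events):
    """Distinct event types in the data, one predictor variable per type.
    (On the full Solaris data this would be the 284 types; the slides' sample
    has 49.)"""
    return sorted({t for t, _ in events})


def indicator_vector(event_type, types):
    """Per-event representation: variable i is 1 if the event at time t belongs
    to the i-th event type, else 0. The 1/0 encoding is an assumption here."""
    return [1 if event_type == t else 0 for t in types]


def window_features(events, types, width, mode="count"):
    """Slide a window of `width` consecutive events over the sequence and build
    one feature row per window.
      mode="count":  variable i = number of events of type i in the window
      mode="exists": variable i = 1 if type i appears in the window, else 0
    Returns a list of (features, per-event labels in the window)."""
    if mode not in ("count", "exists"):
        raise ValueError("mode must be 'count' or 'exists'")
    rows = []
    for start in range(len(events) - width + 1):
        window = events[start:start + width]
        counts = Counter(t for t, _ in window)
        if mode == "count":
            feats = [counts[t] for t in types]
        else:
            feats = [1 if counts[t] else 0 for t in types]
        rows.append((feats, [label for _, label in window]))
    return rows


def labelled_windows(rows):
    """Drop windows that contain both normal and attack events and give the
    remaining windows the single label shared by all their events."""
    kept = []
    for feats, labels in rows:
        if len(set(labels)) == 1:
            kept.append((feats, labels[0]))
    return kept


def build_training_rows(events, width, mode="count"):
    """End-to-end: event sequence -> labelled moving-window feature rows."""
    types = event_types(events)
    return labelled_windows(window_features(events, types, width, mode))


if __name__ == "__main__":
    types = event_types(SAMPLE_EVENTS)
    print("variables:", types)
    for feats, label in build_training_rows(SAMPLE_EVENTS, width=3):
        print(feats, "->", label)
```

With a window width of 3 the constructed sequence yields seven windows; the two that straddle the normal/attack boundary are discarded, leaving five labelled rows. Note that the third and last windows have identical count vectors but opposite labels, which illustrates why the count representation alone cannot always separate the classes and why the window width and the choice between existence and count features matter for the classifier.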