Information Integration and Assurance Laboratory IEE594 Presentation. Xiangyang Li Dept. of Industrial Engineering Arizona State University Box 875906, Tempe, AZ 85287-5906, USA. Current People. Director Dr. Nong Ye. Students Master: Syed Masum Emran Ph.D.: Qiang Chen Xiangyang Li
Intrusion Detection Technology Study
Enterprise Modeling and Simulation
Intrusion Detection Technology
Application of Decision Tree Classifier
Normality profile method
Signature recognition method
BSM audit events from Solaris
Label: 0 - normal activity, 1 - attack
IW (Intrusion Warning): 0 - 1
Only the event type of each audit event is used (284 event types in Solaris 2.7).
Training data set
Testing data set
We use one variable to represent each event type, so there are 284 variables for the 284 event types. In our sample data set there are 49 variables. These variables are used as the predictor variables. Each variable is calculated for each event as follows:
if the audit event at time t belongs to the ith event type
if the audit event at time t is different from the ith event type
In the transformed data set, variable i records whether event type i occurs in the current moving window.
In the transformed data set, variable i records how many times event type i appears in the current moving window. We use this variant in the moving window classifiers on event types.
Remove the part of the transformed data whose windows include both normal and attack events.
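A worked version of the feature construction described above (per-event indicator, moving-window existence and count variables, and removal of mixed-label windows), added here as an illustrative example rather than the lab's own code; the event type names, window size and audit stream are constructed:

```python
from collections import Counter

# Constructed sample: a short list of event type names standing in for the 284
# Solaris 2.7 BSM event types, and an audit stream of (event type, label) pairs
# with label 0 = normal activity, 1 = attack.
EVENT_TYPES = ["open", "close", "exec", "fork", "chmod"]
SAMPLE_STREAM = [
    ("open", 0), ("close", 0), ("open", 0), ("exec", 0),
    ("fork", 1), ("chmod", 1), ("exec", 1), ("exec", 1),
]


def indicator(event, event_type):
    """Per-event variable: 1 if the audit event belongs to event_type, else 0."""
    return 1 if event == event_type else 0


def window_features(stream, window, mode="count"):
    """Slide a window of `window` events over the stream and emit one feature
    row per window position, together with the set of labels seen in it.
    mode="exists": variable i is 1 if event type i occurs in the window.
    mode="count":  variable i is the number of times event type i occurs."""
    rows = []
    for end in range(window, len(stream) + 1):
        chunk = stream[end - window:end]
        counts = Counter(event for event, _ in chunk)
        labels = {label for _, label in chunk}
        if mode == "exists":
            feats = [1 if counts[t] > 0 else 0 for t in EVENT_TYPES]
        else:
            feats = [counts[t] for t in EVENT_TYPES]
        rows.append((feats, labels))
    return rows


def pure_windows(rows):
    """Drop windows that mix normal and attack events; the remaining windows
    carry a single label, which becomes the class of the feature row."""
    return [(feats, next(iter(labels))) for feats, labels in rows if len(labels) == 1]


if __name__ == "__main__":
    for feats, label in pure_windows(window_features(SAMPLE_STREAM, 3)):
        print(feats, label)
```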