HIERARCHICAL CLUSTERING ALGORITHM FOR DETECTING ANOMALOUS PROFILES IN COMPUTER SYSTEMS
DOI: https://doi.org/10.47839/ijc.7.3.526
Keywords: Intrusion detection systems, Audit trail analysis, Hierarchical Clustering Algorithm, User behavior, Anomaly intrusion detection, Anomalous behavior
Abstract
We introduce a new intrusion detection method based on the Hierarchical Clustering Algorithm (HCA) to detect anomalous user profiles. In a Unix system, an ordinary user has only some privileges (access to some resources), while the root user has more. We can therefore speak of a hierarchy of users. In the same way, a hierarchy of users can be used in intrusion detection to distinguish between normal and suspicious users. Many data mining methods have already been used in previous intrusion detection work. Although some of them led to interesting results, they still suffer from some weaknesses. This is why this study focuses on the use of the HCA to detect anomalous profiles. A survey of intrusion detection methods is presented. The HCA procedure is described in detail. Our simulation results demonstrate the robustness of our approach in comparison with some previously used methods.
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.