HIERARCHICAL CLUSTERING ALGORITHM FOR DETECTING ANOMALOUS PROFILES IN COMPUTER SYSTEMS

Authors

  • Rachid Beghdad

DOI:

https://doi.org/10.47839/ijc.7.3.526

Keywords:

Intrusion detection systems, Audit trail analysis, Hierarchical Clustering Algorithm, User behavior, Anomaly intrusion detection, Anomalous behavior

Abstract

We introduce a new intrusion detection method based on the Hierarchical Clustering Algorithm (HCA) to detect anomalous user profiles. In a Unix system, an ordinary user has only some privileges (access to some resources), while the root user has more. We can therefore speak of a hierarchy of users. In the same way, a hierarchy of users can be used in intrusion detection to distinguish a normal user from a suspicious one. Many data mining methods have already been used in previous intrusion detection work. Although some of them led to interesting results, they still suffer from some weaknesses. This is why this study focuses on using the HCA to detect anomalous profiles. A survey of intrusion detection methods is presented. The HCA procedure is described in detail. Our simulation results demonstrate the robustness of our approach in comparison with some previously used methods.


Published

2014-08-01

How to Cite

Beghdad, R. (2014). HIERARCHICAL CLUSTERING ALGORITHM FOR DETECTING ANOMALOUS PROFILES IN COMPUTER SYSTEMS. International Journal of Computing, 7(3), 72-78. https://doi.org/10.47839/ijc.7.3.526

Section

Articles