Anomaly Detection Using Integration Model of Vector Space and Network Representation
- Oka Mizuki (University of Tsukuba; presently with Japan Society for the Promotion of Science)
- Kato Kazuhiko (University of Tsukuba)
Abstract
We propose the Eigen Co-occurrence Matrix (ECM) method, which is a modeling method for tracking the behaviors of an individual, system, or network in terms of event sequences of discrete data. Our method uses the correlation between events in a sequence to extract distinct characteristics. A key idea behind the ECM method is to regard a sequence as a serialized sequence that originally had structural relations and to extract the embedded dependencies of the events. To test its retrieval performance, we applied the ECM method to the problem of anomaly detection in intrusion detection systems. Specifically, we used the method to model a UNIX command sequence and attempted to detect intruders masquerading as valid users. The experimental results reveal that the ECM method offers distinct characteristic models for analyzing event sequences.
Published in
- Information and Media Technologies
- Information and Media Technologies 2 (3), 762-772, 2007
- Information and Media Technologies Editorial Board
Details
- CRID: 1390282680241580160
- NII Article ID: 130000058270
- ISSN: 18810896
- Text language code: en
- Data source type: JaLC, CiNii Articles
- Abstract license flag: Use not permitted