SBIR-STTR Award

Innovative Intrusion Detection System for Host Computers
Award last edited on: 1/26/2007

Sponsored Program
SBIR
Awarding Agency
DOD : MDA
Total Award Amount
$69,572
Award Phase
1
Solicitation Topic Code
BMDO02-010
Principal Investigator
Jeff Hausthor

Company Information

xfinit LTD (AKA: Tech Cavalry)

373 North Farms Road Suite 201
Florence, MA 01062
   (413) 517-0088
   jsharp@techcavalry.com
   N/A
Location: Single
Congr. District: 02
County: Hampshire

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2002
Phase I Amount
$69,572
Current host-based intrusion detection systems are mostly based on attack signatures. They are unreliable for detecting insider and/or new attacks, and they create so many false positives that administrators become complacent about potential security risks. The opportunity exists to build hierarchical statistical models for host-based intrusion detection systems that will perform deviation detection within information systems while minimizing false alarms. The system is based on the creation of a behavior dictionary for accurate monitoring of deviations. It has three innovative key components: (1) new algorithms for extracting a behavior dictionary from system call data; (2) a statistical model for sequences of command names and parameters; and (3) an information fusion system based on artificial intelligence techniques for fusing the detection signals generated from different levels of operation data. Tests using the DARPA Intrusion Detection Evaluation data hosted at the MIT Lincoln Laboratory have been very successful.

Anticipated Benefits/Commercial Applications: Xfinit's Intrusion Detection System will serve financial institutions, large corporations and government agencies. They will benefit from tighter security that is simple and easy to manage. Xfinit has a unique solution that will enhance internal security and will create trust mechanisms between outsourcing partners. With tighter security, companies and organizations will be able to take advantage of cost-saving systems and data transference.

Keywords:
Intrusion, Host-based, Computer, Network, Detection, Security, Intrusion Detection System, Protection

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
----
Phase II Amount
----