N. Srinivasan and V. Vaidehi (India)
Anomaly detection, Cluster computing, Distributed processing, Neural networks.
The anomaly detection problem has been widely investigated in the computer security literature. In this paper, a cluster-based approach to anomaly detection in a distributed environment is proposed, in which a number of heterogeneous workstations are used for processing in order to improve the performance of the Intrusion Detection System in terms of adaptiveness, speed of detection, etc. The behavior of the user can be quantified by monitoring the user commands at every workstation. A system is designed to build user profiles based on system call sequences, which are generated from the commands executed by the user. A cluster is used to compare the command sequences with the corresponding user profile, using a neural network trained with the backpropagation algorithm. Continual updating of the system call vector and the process of detecting the anomaly are distributed across the cluster nodes by balancing the load.