Foreign-language journal: Advanced Science Letters

An Optimized Anomaly Intrusion Detection Scheme Using KNN Algorithm


Abstract

Since the task of preventing all attacks is impossible, intrusion detection has now been widely accepted as an essential component in a decent security system. This paper proposes an improved anomaly intrusion detection method based on system calls to learn patterns. The detection process relies on the situation that when an attack exploits vulnerabilities in the code, new subsequences of system calls will appear. The K-nearest neighbor (KNN) algorithm is selected as the learning approach to estimate the deviation between normal and suspicious activities. As fixed-length patterns cannot describe the system behaviors correctly, the method uses variable-length patterns to construct the normal patterns profile. Experiments demonstrate that the method can construct an accurate and concise discriminator to detect intrusive action.