Intrusion Detection System for Classifying User Behavior
KTH, School of Information and Communication Technology (ICT).
2010 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Nowadays, we use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Beyond personal use, computers and computer networks have become crucial parts of companies, organizations, and governments. A lot of important information is stored in computers and transferred across networks and the Internet. Unauthorized users break into systems to gain access to private information. This creates the need for a system that can detect and prevent those harmful activities. Intrusion detection systems (IDSs) monitor networks and/or systems to detect malicious activities, which helps us react and stop intruders. There are two types of IDSs: network-based IDSs and host-based IDSs. A network-based IDS monitors network traffic and activities to find attacks, and a host-based IDS monitors activities in a computer system to detect malicious actions.

This thesis investigates the use of machine learning techniques to implement a host-based IDS that can tell us whether a computer process is normal (harmless) or abnormal (harmful). Three machine learning techniques are applied to Basic Security Module (BSM) log files of a Solaris system. The data sets used in the experiments are from the DARPA Intrusion Detection Evaluation 1998. The research provides some ways to apply Support Vector Machines, k-Nearest Neighbors and Hidden Markov Models to an IDS, and compares the performance of these three methods.

Place, publisher, year, edition, pages
2010. 84 p.
URN: urn:nbn:se:kth:diva-26398
OAI: diva2:372416
Available from: 2010-11-25. Created: 2010-11-25. Last updated: 2010-11-25. Bibliographically approved.

Open Access in DiVA

Full text (613 kB), 834 downloads
File information
File name: FULLTEXT01.pdf; File size: 613 kB; Checksum: SHA-512
Type: fulltext; Mimetype: application/pdf

Total: 834 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1090 hits