Multi-events analysis for anomaly intrusion detection

Abstract

Probabilistic methods are widely used in intrusion detection especially in computer audit data analysis. There are many famous probabilistic algorithm such as decision tree, Hotelling's T2, chi-square, first-order and high-order Markov model. These algorithms focus on some data features to mark anomaly state. New features are introduced into these algorithms and proper combination of these features will provide excellent result. But these algorithms are used single metric generated by multi-events so as to detect intrusion by comparison with a certain threshold. Experiment shows that using per event-based metric can improve accuracy of intrusion detection but not improve complexity of algorithm. In our paper we will provide a metric vector based on algorithm to detection intrusion that is more accurate and effective than traditional ones. Also, we provide some intrusion detection methods to our algorithm.