A Meta Decision Tree combined with Blast Approach for Intrusion Detection

Master's === National Chiao Tung University === Institute of Computer Science and Engineering === 104 === As Internet intrusions are constantly updated, network security keeps being severely challenged. In current defense mechanisms, an Intrusion Detection System (IDS) is capable of detecting activities that attempt to compromise the confidentiality...


Bibliographic Details
Main Authors: Jao, Jui-En, 饒瑞恩
Other Authors: Hu, Yuh-Jyh
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/a6377x
id ndltd-TW-104NCTU5394071
record_format oai_dc
spelling ndltd-TW-104NCTU5394071 2019-05-15T23:08:41Z http://ndltd.ncl.edu.tw/handle/a6377x A Meta Decision Tree combined with Blast Approach for Intrusion Detection 利用Meta決策樹結合Blast的方法預測入侵 Jao, Jui-En 饒瑞恩 Master's National Chiao Tung University Institute of Computer Science and Engineering 104 Hu, Yuh-Jyh 胡毓志 2016 thesis 50 zh-TW
collection NDLTD
sources NDLTD
description Master's === National Chiao Tung University === Institute of Computer Science and Engineering === 104 === As Internet intrusions are constantly updated, network security keeps being severely challenged. In current defense mechanisms, an Intrusion Detection System (IDS) is capable of detecting activities that attempt to compromise the confidentiality, integrity or availability of a system or network. Traditionally, IDSs are classified as signature detection systems and anomaly detection systems. A signature IDS identifies known malicious activities in network traffic or applications, while an anomaly IDS compares an activity against a defined "normal" baseline. One of the most investigated fields is system call analysis. An infected or intruding user program will keep attempting activities (e.g. accessing the file system or boot sector) that a "normal" user program seldom performs. Therefore, we can inspect whether a user program is an intrusion by analyzing its system call sequence, which lets us check the full history of the program's activities. In this paper, we combine BLAST biological sequence alignment and a Meta Decision Tree (MDT) on the host-based UNM dataset, which consists of system call sequence data, and we also use MDT alone on the network-based NSL-KDD dataset, which consists of network packet feature data. The results show that our method performs better than previous ones in most cases.