Application level intrusion detection using a sequence learning algorithm

Publisher
Florida Atlantic University
Date Issued
2006
Description
An unsupervised learning algorithm for application-level intrusion detection, named the Graph Sequence Learning Algorithm (GSLA), is proposed in this dissertation. Experiments prove its effectiveness. As in most intrusion detection algorithms, GSLA must first learn the normal profile. The normal profile is built using a session learning method, which is combined with the one-way Analysis of Variance (ANOVA) method to determine the value of an anomaly threshold. In the proposed approach, a hash table is used to store a sparse data matrix, collected from a web transition log, in triple data format instead of as an n-by-n matrix. Furthermore, in GSLA the sequence learning matrix can be changed dynamically to accommodate data sets of different volumes. This approach is therefore more efficient, easier to manipulate, and saves memory space. To validate the effectiveness of the algorithm, extensive simulations have been conducted by applying GSLA to the homework submission system at our computer science and engineering department. The performance of GSLA is evaluated and compared with the traditional Markov Model (MM) and K-means algorithms. Specifically, three major experiments have been done: (1) A small data set is collected as sample data and applied to the GSLA, MM, and K-means algorithms to illustrate the operation of the proposed algorithm and demonstrate the detection of abnormal behaviors. (2) The Random Walk-Through sampling method is used to generate a larger sample data set, and the resulting anomaly scores are classified into several clusters in order to visualize and demonstrate normal and abnormal behaviors with the K-means and GSLA algorithms. (3) Multiple professors' data sets are collected and used to build the normal profiles, and the ANOVA method is used to test for significant differences among the professors' normal profiles.
GSLA can be packaged as a module and plugged into an IDS as an anomaly detection system.
Note

College of Engineering and Computer Science

Extent
131 p.
Identifier
9780542743702
ISBN
9780542743702
Additional Information
College of Engineering and Computer Science
FAU Electronic Theses and Dissertations Collection
Thesis (Ph.D.)--Florida Atlantic University, 2006.
IID
FADT12220
Issuance
monographic
Person Preferred Name

Dong, Yuhong.
Graduate College
Physical Description

131 p.
application/pdf
Use and Reproduction
Copyright © is held by the author, with permission granted to Florida Atlantic University to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
http://rightsstatements.org/vocab/InC/1.0/
Origin Information

2006
monographic

Boca Raton, Fla.

Florida Atlantic University
Physical Location
Florida Atlantic University Libraries
Sub Location
Digital Library