
Article information

  • Title: Examination of Intrusion Detection Technique using Characteristics of Command Chains based on the Fuzzy Measure
  • Authors: Haruhiko SHIRAI ; Tomohiro ODAKA ; Hisakazu OGURA
  • Journal: 知能と情報
  • Print ISSN: 1347-7986
  • Electronic ISSN: 1881-7203
  • Publication year: 2005
  • Volume: 17
  • Issue: 6
  • Pages: 705-718
  • DOI: 10.3156/jsoft.17.705
  • Publisher: Japan Society for Fuzzy Theory and Intelligent Informatics
  • Abstract: In this paper, we propose a new intrusion detection method that is based on the characteristics of command chains used in an interactive computer environment. The frequency of the commands entered by a user in a period is analyzed and the user model is constructed. The user authentication system gives a warning when the frequency distribution of command chains differs from the user model created in the past. We have already proposed a method of constructing the user model based on the command chain probability, i.e., the transition probability from one command to the next command in the chain. In this paper, we propose a new method in which the fuzzy measure is used instead of the command chain probability. In order to examine the validity of the method, we report here the results of a simulation experiment applying the method to the UNIX shell command log data of users. The experiment consists of two phases, the learning phase and the test phase. In the learning phase, a user model is generated for the proper user. The user model consists of the grades of command chains, which are defined as the fuzzy measure. In this method, when the frequency of the command chain is high, the grade of the command chain in the learning phase is higher than in the former method. In the test phase, the attestation judgment of whether a user is the proper user or not is performed using the combination grades of command chains by the Choquet integration method applying the λ fuzzy measure. The combination grade is evaluated higher when more combinations of command chains appear in the command sequence under inspection. The results of our experiments showed that the intrusion detection rate was 92.8%, a fair improvement over the rate of 70% achieved by the former method with the probability measure. Furthermore, it turns out that in intrusion detection, the combination of command chains has a larger effect on attestation than the frequency of appearance of command chains.
  • Keywords: Command chains ; Fuzzy measure ; Choquet integration ; Intrusion detection technique ; Computer security