A Cyber-Attack Detection Model Based on Multivariate Analyses

Yuto SAKAI, Koichiro RINSAKA, Tadashi DOHI

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E92-A, No.7, pp.1585-1592
Publication Date: 2009/07/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E92.A.1585
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Recent Advances in Technologies for Assessing System Reliability)
Keywords: information security, cyber-attack, intrusion detection, quantification method, cluster analysis


In the present paper, we propose a novel cyber-attack detection model that applies two multivariate-analysis methods to the audit data observed on a host machine. The statistical techniques used here are the well-known Hayashi's quantification method IV and cluster analysis. We quantify the observed qualitative audit event sequences via quantification method IV, and then group similar audit event sequences into the same clusters by cluster analysis. Simulation experiments show that our model can improve cyber-attack detection accuracy in some realistic cases where normal and attack activities are intermingled.