Abstract: Intrusion detection is important in the defense-in-depth network security framework. This paper presents an effective method for anomaly intrusion detection with low overhead and high efficiency. The method is based on rough set theory to extract a set of detection rules with a minimal size as the normal behavior model from the system call sequences generated during the normal execution of a process. It is capable of detecting the abnormal operating status of a process and thus reporting a possible intrusion. C…
“…It follows that (U, K) is a covering approximation space. (2). On the other hand, for each u ∈ U, there is ∈ A such that u ∈ Kα since K is a cover of U, hence (u, α) ∈ R, and so α ∈ uR ≠ ∅ from Remark 2.2(2).…”
Section: Proof (mentioning)
confidence: 95%
“…(2) The formal context (U, A, R) is called to be regular if for each u ∈ U and each α ∈ A, uR ≠ ∅ and Rα ≠ ∅, where uR = {β ∈ A : (u, ) ∈ R} and Rα = {v ∈ U : (v, α) ∈ R}. Remark 2.2.…”
Section: Preliminaries (mentioning)
confidence: 99%
“…(2) Let a disease feature α ∈ A. By Definition 1.1 (2), there is a person u ∈ U such that u have the disease feature α, i.e., (u, α) ∈ R. By Remark 2.2(2), u ∈ Rα. It follows that Rα ≠ ∅.…”
Section: Preliminaries (mentioning)
confidence: 99%
“…Then (U, K) is called to be induced by (U, A, R). (2) Let (U, K) be a covering approximation space and let (U, A, R) be a regular formal context obtained by Proposition 2.7 (2). Then (U, A, R) is called to be induced by (U, K).…”
Section: Definition 28 (mentioning)
confidence: 99%
“…(2) In this section, a covering approximation space (U, K) is always supposed to be endowed covering approximation operators C and C.…”