ПРИЛОЖЕНИЕ НА ДЪРВО НА РЕШЕНИЯТА В СИСТЕМИТЕ ЗА ОТКРИВАНЕ НА НАРУШЕНИЯ

Abstract

The purpose of the intrusion detection systems (IDS) is to reveal any violence of the organizations’ security policy – unauthorized access from outsiders, rising privileges of authorized users, violation of the confidentiality and/or integrity of system resources. The present paper presents an examination of the current IDS, based on the anomalies (behavioral analysis), where C4.5 algorithm is applied in a host-based scenario in order to describe the normal user activity, using decision tree. As a second step, a cluster analysis has been applied with purpose to classify current user activity as normal or malicious. With purpose of approving the proposed methodology, a number of simulation experiments have been applied and the obtained results have been analyzed