• DocumentCode
    1869416
  • Title

    Anomaly detection based-on the regularity of normal behaviors

  • Author

    Pan, Feng ; Wang, Weinong

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Shanghai Jiaotong Univ.
  • fYear
    2006
  • fDate
    19-21 Jan. 2006
  • Lastpage
    1046
  • Abstract
    This paper proposes an entropy-based method to measure the regularity of normal behaviors in anomaly detection. This measure is defined as the ratio of the entropy of normal behavior to the entropy of totally random behavior. We then use a case study on Unix system call data to illustrate the accuracy of this method. We also advance a new algorithm to detect intrusions using system calls. This algorithm uses a data structure called a weight tree: first, normal system call traces are used to build a weight tree forest; then abnormal traces are scanned using these trees to get the corresponding weight sequences. These weight sequences can tell us whether something abnormal has happened.
  • Keywords
    security of data; trees (mathematics); Unix system call data; anomaly detection; data structure; entropy method; intrusions detection; normal behaviors regularity; normal system call trace build weight tree forest; random behavior; scan abnormal trace; weight sequence; Computer science; Decoding; Entropy; Intrusion detection; Performance gain; Tree data structures;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Systems and Control in Aerospace and Astronautics, 2006. ISSCAA 2006. 1st International Symposium on
  • Conference_Location
    Harbin
  • Print_ISBN
    0-7803-9395-3
  • Type

    conf

  • DOI
    10.1109/ISSCAA.2006.1627547
  • Filename
    1627547