Title :
Anomaly detection based on the regularity of normal behaviors
Author :
Pan, Feng ; Wang, Weinong
Author_Institution :
Dept. of Comput. Sci. & Eng., Shanghai Jiaotong Univ.
Abstract :
This paper proposes an entropy-based method for measuring the regularity of normal behaviors in anomaly detection. The measure is defined as the ratio of the entropy of normal behavior to the entropy of totally random behavior. We then use a case study on Unix system call data to illustrate the accuracy of this method. We also present a new algorithm for detecting intrusions using system calls. This algorithm uses a data structure called a weight tree: first, normal system call traces are used to build a forest of weight trees; then an abnormal trace is scanned using these trees to obtain the corresponding weight sequence. These weight sequences indicate whether or not something abnormal has happened.
Keywords :
security of data; trees (mathematics); Unix system call data; anomaly detection; data structure; entropy method; intrusions detection; normal behaviors regularity; normal system call trace build weight tree forest; random behavior; scan abnormal trace; weight sequence; Computer science; Decoding; Entropy; Intrusion detection; Performance gain; Tree data structures;
Conference_Titel :
Systems and Control in Aerospace and Astronautics, 2006. ISSCAA 2006. 1st International Symposium on
Conference_Location :
Harbin
Print_ISBN :
0-7803-9395-3
DOI :
10.1109/ISSCAA.2006.1627547