• DocumentCode
    2003826
  • Title
    Native API based Windows anomaly intrusion detection method using SVM
  • Author
    Wang, Miao ; Zhang, Cheng ; Yu, Jingjing
  • Author_Institution
    Sch. of Electron. & Inf. Eng., Xi'an Jiaotong Univ.
  • Volume
    1
  • fYear
    2006
  • fDate
    5-7 June 2006
  • Abstract
    While much research on host anomaly detection systems using system calls has been done under UNIX/UNIX-like systems, little has been done on Windows systems; we carry out similar research on Windows platforms by tracing sequences of Windows native APIs, which are considered the Windows system calls. In this article, we first introduce native APIs briefly and then divide the captured sequences with a sliding-window method to establish a normal pattern database. A support vector machine method is then used for anomaly detection because of its advantages on small-scale datasets and its generalization capability. The main purpose of this paper is to prove that Windows native APIs are a plausible data source for host anomaly detection systems on Windows platforms.
  • Keywords
    application program interfaces; operating systems (computers); security of data; support vector machines; SVM; UNIX-like system; Windows native API; host anomaly detection system; intrusion detection method; small-scale dataset; support vector machine method; Buffer overflow; Databases; Educational institutions; Internet; Intrusion detection; Invasive software; Operating systems; Physics; Support vector machines; Wireless LAN;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006. IEEE International Conference on
  • Conference_Location
    Taichung
  • Print_ISBN
    0-7695-2553-9
  • Type
    conf
  • DOI
    10.1109/SUTC.2006.1636219
  • Filename
    1636219