• DocumentCode
    2167194
  • Title
    Using information theory to measure call site information of system call in anomaly detection
  • Author
    Feng Xie ; Lixia Xie
  • Author_Institution
    China Inf. Technol. Security Evaluation Center, Beijing, China
  • fYear
    2013
  • fDate
    17-19 Nov. 2013
  • Firstpage
    6
  • Lastpage
    10
  • Abstract
    Monitoring and analyzing the running behavior of a program is an important and effective approach to detecting network attacks. Traditionally, a program is characterized by the system calls it issues. The call site information of those system calls, however, is often ignored by many system-call-based detection models. This paper evaluates the influence of this specific information on program behavior by means of an information-theoretic measure. Experimental results show that the information lowers both conditional entropy and relative conditional entropy, which contributes to a more precise model and more effective intrusion detection.
  • Keywords
    entropy; program diagnostics; security of data; anomaly detection; call site information; detection models; information theory; intrusion detection; network attacks; relative conditional entropy; system call; Algorithms; Entropy; Hidden Markov models; Intrusion detection; Testing; Training; Call site information; Conditional entropy; Information-theoretic measure; Relative conditional entropy; Running behavior;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication Technology (ICCT), 2013 15th IEEE International Conference on
  • Conference_Location
    Guilin
  • Type
    conf
  • DOI
    10.1109/ICCT.2013.6820341
  • Filename
    6820341