DocumentCode :
2366821
Title :
Sequential Frequency Vector Based System Call Anomaly Detection
Author :
Wu, Ying ; Jiang, Jianhui ; Kong, Liangliang
Author_Institution :
Dept. of Comput. Sci. & Technol., Tongji Univ., Shanghai, China
fYear :
2010
fDate :
13-15 Dec. 2010
Firstpage :
215
Lastpage :
222
Abstract :
Although either the temporal ordering or the frequency distribution information embedded in process traces can profile normal process behavior, no previously published scheme uses both to detect system call anomalies. This paper claims that combining these two kinds of information can improve detection performance and proposes, for the first time, the sequential frequency vector (SFV), which exploits both temporal ordering and frequency information for system call anomaly detection. Extensive experiments on the DARPA-1998 and UNM datasets substantiate the claim. SFV is shown to contain richer information and to significantly outperform other techniques, achieving lower false positive rates at a 100% detection rate.
Keywords :
remote procedure calls; security of data; frequency distribution information; sequential frequency vector; system call anomaly detection; temporal ordering; KNN scheme; enumerating model; intrusion detection; sequential frequency vector; system call;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Dependable Computing (PRDC), 2010 IEEE 16th Pacific Rim International Symposium on
Conference_Location :
Tokyo
Print_ISBN :
978-1-4244-8975-6
Electronic_ISBN :
978-0-7695-4289-8
Type :
conf
DOI :
10.1109/PRDC.2010.26
Filename :
5703247