DocumentCode :
240881
Title :
System Call Anomaly Detection Using Multi-HMMs
Author :
Yolacan, Esra N. ; Dy, Jennifer G. ; Kaeli, David R.
Author_Institution :
Dept. of Electr. & Comput. Eng., Northeastern Univ., Boston, MA, USA
fYear :
2014
fDate :
June 30 2014-July 2 2014
Firstpage :
25
Lastpage :
30
Abstract :
This paper focuses on techniques to detect anomalous behavior in system call sequences. Since profiling complex sequential data is still an open problem in anomaly detection, there is a need to explore new approaches. While previous research has used Hidden Markov Models (HMMs) for anomaly-based intrusion detection, the proposed models tend to increase rapidly in complexity in order to increase the detection rate while reducing the false detections. In this paper, we propose a multi-HMM approach applied for anomaly detection in clustered system call sequences. We run our experiments using the well-known system call data set provided by the University of New Mexico (UNM). Our process trace clustering approach using HMMs for system call anomaly detection provides accurate results and reduces the complexity required to detect anomalies. In this paper, we show how system call traces processed with our HMM method can provide a path forward to improved intrusion detection techniques.
Keywords :
hidden Markov models; pattern clustering; security of data; anomalous behavior detection; anomaly-based intrusion detection; clustering approach; hidden Markov models; intrusion detection techniques; multi-HMM approach; system call anomaly detection; Computational modeling; Feature extraction; Hidden Markov models; Intrusion detection; Probability distribution; Testing; Training; Anomaly detection; HMMs; system call traces;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on
Conference_Location :
San Francisco, CA
Type :
conf
DOI :
10.1109/SERE-C.2014.19
Filename :
6901637