DocumentCode :
468369
Title :
Motif Extraction with Indicative Events for System Call Sequence Classification
Author :
Li, Jiwei ; Zhang, Xianghua ; Yuan, Chun ; Jiang, Zhaohui ; Feng, Huanqing
Author_Institution :
Univ. of Sci. & Technol. of China, Hefei
Volume :
3
fYear :
2007
fDate :
24-27 Aug. 2007
Firstpage :
611
Lastpage :
616
Abstract :
Various approaches have been proposed to extract patterns from system call sequences invoked by applications to better model their behaviors. They use fixed-length or variable-length patterns to represent the sequences. However, these techniques are all based on mathematical rules and do not consider the underlying mechanism of the program execution. In this paper, we propose a method that extracts the motifs - subroutines conserved across sequences - in an efficient way by using the semantic call graph model. We focus on two cases, intrusion detection and automatic problem diagnosis, and show that the presences of our defined motifs are highly discriminative features for representing different application behaviors. This is in agreement with the idea of taking these motifs to be the building blocks of program execution. Using these features, we can achieve a higher detection rate while maintaining a lower false positive rate.
Keywords :
graph theory; pattern classification; security of data; system monitoring; automatic problem diagnosis; intrusion detection; motif extraction; pattern extraction; semantic call graph model; system call sequence classification; Application software; Asia; Classification algorithms; Computerized monitoring; Feature extraction; Intrusion detection; Laboratories; Multimedia computing; Proteins; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Fuzzy Systems and Knowledge Discovery, 2007. FSKD 2007. Fourth International Conference on
Conference_Location :
Haikou
Print_ISBN :
978-0-7695-2874-8
Type :
conf
DOI :
10.1109/FSKD.2007.411
Filename :
4406310