DocumentCode :
495125
Title :
A Low-Cost Method to Intrusion Detection System Using Sequences of System Calls
Author :
Geng, Li-zhong ; Jia, Hui-bo
Author_Institution :
Dept. of Precision Instrum. & Mechanology, Tsinghua Univ., Beijing, China
Volume :
1
fYear :
2009
fDate :
21-22 May 2009
Firstpage :
143
Lastpage :
146
Abstract :
Sequences of system calls have become an important data resource for anomaly detection. Considering the large overhead that existing methods incur when constructing a normal profile from system call traces, an efficient algorithm based on STIDE is proposed in order to reduce the computing cost. The axis system calls, which can represent the characteristics of normal behaviors, are extracted by a sequences extracting factor. The improved algorithm measures the interestingness of sequences of system calls by involving the axis system calls, then trains and tests only the relevant sequences of concern. Experimental results demonstrate that the computing cost of training and testing in the new way is reduced by 70% compared with the standard algorithm.
Keywords :
security of data; anomaly detection; data resource; intrusion detection system; system call trace sequence; Costs; Data mining; Databases; Delay effects; Fuzzy neural networks; Hidden Markov models; Instruments; Intrusion detection; Laboratories; System testing; IDS; anomaly detection; system call;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information and Computing Science, 2009. ICIC '09. Second International Conference on
Conference_Location :
Manchester
Print_ISBN :
978-0-7695-3634-7
Type :
conf
DOI :
10.1109/ICIC.2009.43
Filename :
5169560