Finding the vocabulary of program behavior data for anomaly detection

Author: C.C. Michael

DOI: 10.1109/DISCEX.2003.1194881

Keywords: Anomaly detection; Preprocessor; Anomaly-based intrusion detection system; Anomaly (physics); Detector; Computer science; Construct (python library); Level of detail; Data mining; Vocabulary

Abstract: Application-based anomaly detectors construct a baseline model of normal application behavior, and deviations from that behavior are interpreted as signs of a possible intrusion. But because current detectors monitor at a high level of detail, many irrelevant variations in program behavior can cause false alarms. This paper discusses the preprocessing of the audit data that is ultimately used by application-based detection systems. The goal is to create a more abstract picture of the program by filtering out details. Our specific approach automatically identifies repeating sub-sequences of events, that is, sequences of events that always occur together. The main benefit of this technique is that it can be used with a wide variety of program-based detectors, but we present empirical results showing how it improves the performance of the well-known stide system.
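The following is an added example, not code from the paper, illustrating the kind of preprocessing the abstract describes: system-call traces are scanned for pairs of events that always occur together, each such pair is merged into a single macro symbol, and the abstracted traces are then fed to a stide-style fixed-window detector. The traces, the merge rule (a and b are merged when every a is immediately followed by b and every b is immediately preceded by a) and the collapsing of repeated symbols into one are all assumptions made for this example; the paper's actual vocabulary-discovery algorithm is not reproduced here.

```python
"""Vocabulary discovery for event traces plus a stide-style detector.

Added example, not the paper's code. Assumptions: the constructed traces
below, the 'always occur together' rule for merging a pair of symbols into
a macro, and run-length collapsing of a repeated symbol into one symbol.
"""
from collections import defaultdict

# Constructed normal traces of a request handler: 'stat open' and
# 'write close' always appear together; the number of reads varies (1 or 2).
NORMAL_TRACES = [
    ["stat", "open", "read", "write", "close"],
    ["stat", "open", "read", "read", "write", "close"],
    ["stat", "open", "read", "write", "close",
     "stat", "open", "read", "read", "write", "close"],
]

# Constructed test traces: a benign variant with more reads than ever seen
# in training, and an attack that injects an execve into the request path.
BENIGN_VARIANT = ["stat", "open", "read", "read", "read", "read", "write", "close"]
ATTACK = ["stat", "open", "read", "execve", "write", "close"]


def find_macro(traces):
    """Return one pair (a, b) that always occurs together, or None.

    Trace boundaries count as a distinct neighbour (None), so a symbol that
    ever starts or ends a trace cannot be merged across that boundary.
    """
    follows = defaultdict(set)   # a -> symbols that immediately follow a
    precedes = defaultdict(set)  # b -> symbols that immediately precede b
    seen = set()
    for t in traces:
        seen.update(t)
        for a, b in zip(t, t[1:]):
            follows[a].add(b)
            precedes[b].add(a)
        follows[t[-1]].add(None)
        precedes[t[0]].add(None)
    for a in sorted(seen):
        if len(follows[a]) == 1:
            (b,) = follows[a]
            if b is not None and b != a and precedes[b] == {a}:
                return a, b
    return None


def apply_macro(trace, macro):
    """Replace every occurrence of the pair (a, b) by the symbol 'a+b'."""
    a, b = macro
    out, i = [], 0
    while i < len(trace):
        if i + 1 < len(trace) and trace[i] == a and trace[i + 1] == b:
            out.append(a + "+" + b)
            i += 2
        else:
            out.append(trace[i])
            i += 1
    return out


def collapse_runs(trace):
    """Collapse consecutive repeats of one symbol (assumed abstraction step)."""
    out = []
    for s in trace:
        if not out or out[-1] != s:
            out.append(s)
    return out


def build_vocabulary(traces):
    """Merge always-together pairs until none remain; return (macros, abstracted traces)."""
    traces = [list(t) for t in traces]
    macros = []
    while (m := find_macro(traces)) is not None:
        macros.append(m)
        traces = [apply_macro(t, m) for t in traces]
    return macros, [collapse_runs(t) for t in traces]


def abstract(trace, macros):
    """Apply a learned vocabulary to a new trace, in the order it was learned."""
    for m in macros:
        trace = apply_macro(trace, m)
    return collapse_runs(trace)


class Stide:
    """Sliding-window detector: a window of k events unseen in training is a mismatch."""

    def __init__(self, k):
        self.k = k
        self.normal = set()

    def train(self, traces):
        for t in traces:
            for i in range(len(t) - self.k + 1):
                self.normal.add(tuple(t[i:i + self.k]))

    def mismatches(self, trace):
        return sum(1 for i in range(len(trace) - self.k + 1)
                   if tuple(trace[i:i + self.k]) not in self.normal)


def evaluate(k=3):
    """Mismatch counts for raw vs. abstracted traces, for the benign variant and the attack."""
    macros, abstracted_normal = build_vocabulary(NORMAL_TRACES)
    raw, abstracted = Stide(k), Stide(k)
    raw.train(NORMAL_TRACES)
    abstracted.train(abstracted_normal)
    return {
        "raw": {"benign": raw.mismatches(BENIGN_VARIANT),
                "attack": raw.mismatches(ATTACK)},
        "abstracted": {"benign": abstracted.mismatches(abstract(BENIGN_VARIANT, macros)),
                       "attack": abstracted.mismatches(abstract(ATTACK, macros))},
    }


if __name__ == "__main__":
    print(build_vocabulary(NORMAL_TRACES))
    print(evaluate())
```

On these constructed traces the raw detector flags the benign four-read request (two unseen windows of consecutive reads) while the abstracted detector does not, and the injected execve still produces unseen windows in both views. The point the example makes is the one the abstract makes: the vocabulary step removes variation that carries no intrusion signal without removing the windows that do.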

References (23)
Terran Lane, Carla E. Brodley. An Application of Machine Learning to Anomaly Detection (1999).
Jens Stoye, Dan Gusfield. Simple and Flexible Detection of Contiguous Repeats Using a Suffix Tree (Preliminary Version). Combinatorial Pattern Matching, vol. 1448, pp. 140-152 (1998). doi:10.1007/BFB0030787
Alfred V. Aho, Jeffrey D. Ullman. Principles of Compiler Design (1977).
Esko Ukkonen. Constructing Suffix Trees On-Line in Linear Time. IFIP World Computer Congress on Algorithms, Software, Architecture, pp. 484-492 (1992).
D. Endler. Intrusion detection: Applying machine learning to Solaris audit data. Annual Computer Security Applications Conference, pp. 268-279 (1998). doi:10.1109/CSAC.1998.738647
Teresa F. Lunt. A survey of intrusion detection techniques. Computers & Security, vol. 12, pp. 405-418 (1993). doi:10.1016/0167-4048(93)90029-5
Dan Gusfield, Jens Stoye. Linear time algorithms for finding and representing all the tandem repeats in a string. Journal of Computer and System Sciences, vol. 69, pp. 525-546 (2004). doi:10.1016/J.JCSS.2004.03.004
Carla Marceau. Characterizing the behavior of a program using multiple-length N-grams. New Security Paradigms Workshop, pp. 101-110 (2001). doi:10.1145/366173.366197