A fast automaton-based method for detecting anomalous program behaviors

Authors: R. Sekar, M. Bendre, D. Dhurjati, P. Bollineni

DOI: 10.1109/SECPRI.2001.924295

Keywords:

Abstract: Anomaly detection on system call sequences has become perhaps the most successful approach for detecting novel intrusions. A natural way to learn such sequences is to use a finite-state automaton (FSA). However, previous research indicates that FSA learning is computationally expensive, that it cannot be completely automated, or that the space usage of the FSA may be excessive. We present a new approach that overcomes these difficulties. Our approach builds a compact FSA in a fully automatic and efficient manner, without requiring access to the source code of programs. The space requirements are low, of the order of a few kilobytes for typical programs, and the technique uses only constant time per system call during the learning as well as the detection period. This factor leads to low overheads for intrusion detection. Unlike many previous techniques, our FSA technique can capture both short-term and long-term temporal relationships among system calls, and can thus perform more accurate detection. This enables the approach to generalize and predict future behaviors from past behaviors. As a result, the training periods needed for the FSA-based approach are shorter. Moreover, false positives are reduced without increasing the likelihood of missing attacks. This paper describes the technique and presents a comprehensive experimental evaluation of it.
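The abstract describes learning a finite-state automaton from system-call traces and checking new traces against it at constant cost per call. The following is an added illustration of that idea, not the paper's own construction: it uses the immediately preceding system call as the automaton state (an assumption of this example; the abstract does not say how the paper defines states), learns transitions from constructed training traces, and reports transitions never seen during training.

```python
from collections import defaultdict

# Constructed training traces for a hypothetical program: one list per run.
# Sample data made up for this example, not taken from the paper.
TRAINING_TRACES = [
    ["open", "read", "read", "close", "exit"],
    ["open", "read", "close", "exit"],
    ["open", "read", "read", "read", "close", "exit"],
]

START = "<start>"   # synthetic state preceding the first call of a run


def learn_fsa(traces):
    """Build an automaton whose states are system-call names (assumption of
    this example). A transition a -> b is recorded whenever call b directly
    follows call a in some training trace. Each call in a trace costs one
    set insertion, so learning is constant time per system call."""
    transitions = defaultdict(set)
    for trace in traces:
        prev = START
        for call in trace:
            transitions[prev].add(call)
            prev = call
    return {state: frozenset(nexts) for state, nexts in transitions.items()}


def detect(fsa, trace):
    """Walk a trace through the learned automaton; each call is one set
    lookup, i.e. constant time per system call. Returns the list of
    (position, previous_call, call) transitions the automaton has never
    seen, which a detector would raise as anomalies."""
    anomalies = []
    prev = START
    for i, call in enumerate(trace):
        if call not in fsa.get(prev, frozenset()):
            anomalies.append((i, prev, call))
        prev = call
    return anomalies


def fsa_size(fsa):
    """Number of stored transitions: the automaton's footprint grows with the
    number of distinct (state, call) pairs, not with the length or number of
    training runs, which is what keeps the model compact."""
    return sum(len(nexts) for nexts in fsa.values())


if __name__ == "__main__":
    model = learn_fsa(TRAINING_TRACES)
    print("transitions stored:", fsa_size(model))
    print("normal run:", detect(model, ["open", "read", "close", "exit"]))
    print("unseen call:", detect(model, ["open", "read", "execve", "close", "exit"]))
```

Because the state here is only the previous call, the model expresses exactly the short-term relationships the abstract says the paper's technique goes beyond; longer-range ordering (for example, that a sequence of reads must eventually be followed by a close) is not enforced by this toy automaton.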

References (25)
Debra Anderson, Thane Frivold, Alfonso Valdes. Next-generation Intrusion Detection Expert System (NIDES): A Summary. 1997.
Eugene H. Spafford, Sandeep Kumar. A pattern-matching model for intrusion detection. 1994.
Aaron Schwartzbard, Anup K. Ghosh. A study in using neural networks for anomaly and misuse detection. USENIX Security Symposium, 1999, pp. 12-12.
Christoph Michael, Anup Ghosh. Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report. Recent Advances in Intrusion Detection, 2000, pp. 66-79. DOI: 10.1007/3-540-39945-3_5
R. Sekar, P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. USENIX Security Symposium, 1999, pp. 6-6.
Wenke Lee, Salvatore J. Stolfo. Data mining approaches for intrusion detection. USENIX Security Symposium, 1998, pp. 6-6. DOI: 10.21236/ADA401496
Aaron Schwartzbard, Michael Schatz, Anup K. Ghosh. Learning program behavior profiles for intrusion detection. ID'99: Proceedings of the 1st Conference on Workshop on Intrusion Detection and Network Monitoring, Volume 1, 1999, pp. 6-6.
Perry Wagle, Jonathan Walpole, Calton Pu, Steve Beattie, Aaron Grier, Crispin Cowan, Heather Hintony, Qian Zhang, Peat Bakke, Dave Maier. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security Symposium, 1998, pp. 5-5.
D. Endler. Intrusion detection: Applying machine learning to Solaris audit data. Annual Computer Security Applications Conference, 1998, pp. 268-279. DOI: 10.1109/CSAC.1998.738647
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, vol. 6, 1998, pp. 151-180. DOI: 10.3233/JCS-980109