Behavioral Distance Measurement Using Hidden Markov Models
作者: Debin Gao , Michael K. Reiter , Dawn Song
DOI: 10.1007/11856214_2
关键词:
摘要: The behavioral distance between two processes is a measure of the deviation their behaviors. Behavioral has been proposed for detecting compromise process, by computing its from another process executed on same input. Provided that are diverse and so unlikely to fall prey attacks, an increase in might indicate one them. In this paper we propose new approach calculation using type Hidden Markov Model. We also empirically evaluate intrusion detection capability our proposal when used system-call behaviors web servers. Our experiments show it detects intrusions with substantially greater accuracy performance overhead comparable prior proposals.
springer.com
smu.edu.sg
core.ac.uk参考文章(40)
Barton P. Miller, Somesh Jha, Jonathon T. Giffin, Efficient Context-Sensitive Intrusion Detection. network and distributed system security symposium. ,(2004)
Kang G. Shin, P. Ramanathan, DIAGNOSIS OF PROCESSORS WITH BYZANTINE FAULTS IN A DISTRIBUTED COMPUTING SYSTEM. IEEE. ,(1987)
Debin Gao, Dawn Song, Michael K. Reiter, On gray-box program tracking for anomaly detection usenix security symposium. pp. 8- 8 ,(2004)
Kymie Tan, John McHugh, Kevin Killourhy, Hiding Intrusions: From the Abnormal to the Normal and Beyond information hiding. pp. 1- 17 ,(2002) , 10.1007/3-540-36415-3_1
Barton P. Miller, Somesh Jha, Jonathon T. Giffin, Detecting Manipulated Remote Call Streams usenix security symposium. pp. 61- 79 ,(2002)
Christopher Kruegel, Darren Mutz, Fredrik Valeur, Giovanni Vigna, On the detection of anomalous system call arguments european symposium on research in computer security. pp. 326- 343 ,(2003) , 10.1007/978-3-540-39650-5_19
Liming Chen, A. Avizienis, N-VERSION PROGRAMMINC: A FAULT-TOLERANCE APPROACH TO RELlABlLlTY OF SOFTWARE OPERATlON ieee international symposium on fault tolerant computing. pp. 113- ,(1995) , 10.1109/FTCSH.1995.532621
Henry Hanping Feng, J.T. Giffin, Yong Huang, S. Jha, Wenke Lee, B.P. Miller, Formalizing sensitivity in static analysis for intrusion detection ieee symposium on security and privacy. pp. 194- 208 ,(2004) , 10.1109/SECPRI.2004.1301324
Peter H. Sellers, On the Theory and Computation of Evolutionary Distances Siam Journal on Applied Mathematics. ,vol. 26, pp. 787- 793 ,(1974) , 10.1137/0126070
Leonard E. Baum, Ted Petrie, Statistical Inference for Probabilistic Functions of Finite State Markov Chains Annals of Mathematical Statistics. ,vol. 37, pp. 1554- 1563 ,(1966) , 10.1214/AOMS/1177699147