A multi-layer model for anomaly intrusion detection using program sequences of system calls

Authors: Xuan Dau Hoang, Jiankun Hu, P. Bertok

DOI: 10.1109/ICON.2003.1266245

Keywords:

Abstract: In this paper we present a new method to process sequences of system calls for anomaly intrusion detection. The key idea is to build a multi-layer model of program behaviours based on both hidden Markov models and enumerating methods for detection, which differs from the conventional single-layer approach. Our experiments on Unix sendmail have shown that it is better at detecting anomalous behaviour of programs in terms of accuracy and response time. As we use temporal characteristics in the model, it is suitable for online host-based detection systems in a LAN environment. Index Terms: intrusion detection, machine learning, system call sequence.
