Intrusion detection based on system calls and homogeneous Markov chains

Cited by: 0
Authors
Tian Xinguang
Institution
Inst. of Computing Technology
Keywords
intrusion detection; Markov chain; anomaly detection; system call;
DOI
None
CLC classification number
TN953 [Radar tracking systems];
Subject classification code
080904 ; 0810 ; 081001 ; 081002 ; 081105 ; 0825 ;
Abstract
A novel method for detecting anomalous program behavior is presented, which is applicable to host-based intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
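As an added illustration (not code from the paper), the following Python sketch implements the approach the abstract describes: a homogeneous Markov chain with one state per unique system call in the training data, a per-window probability check, and a locality-frame decision rule over the count of anomalous windows. The EPS floor for unseen calls and transitions, the window length, thresholds and the sample traces are assumptions made for this example.

```python
from collections import Counter
from math import exp, log

EPS = 1e-4  # floor for calls/transitions never seen in training (assumption, not from the paper)

def train(traces):
    """Build a homogeneous Markov chain: one state per unique system call in the training data."""
    freq, pairs, out_total = Counter(), Counter(), Counter()
    for t in traces:
        freq.update(t)                 # state occurrence counts -> initial distribution
        pairs.update(zip(t, t[1:]))    # (a, b) transition counts
        out_total.update(t[:-1])       # number of transitions leaving each state
    total = sum(freq.values())
    init = {s: n / total for s, n in freq.items()}
    trans = {(a, b): n / out_total[a] for (a, b), n in pairs.items()}
    return {"init": init, "trans": trans}

def sequence_prob(model, seq):
    """Probability that the chain generates seq: P(s1) * prod P(s_i | s_{i-1}); unseen events get EPS."""
    lp = log(model["init"].get(seq[0], EPS))
    for a, b in zip(seq, seq[1:]):
        lp += log(model["trans"].get((a, b), EPS))
    return exp(lp)

def anomalous_windows(model, trace, k, threshold):
    """Slide a k-call window over the trace; a window is anomalous if its probability is below threshold."""
    return [sequence_prob(model, trace[i:i + k]) < threshold for i in range(len(trace) - k + 1)]

def classify(model, trace, k=3, threshold=1e-3, frame=5, max_anomalous=2):
    """Locality-frame rule: intrusive if any frame of consecutive windows holds >= max_anomalous anomalies."""
    flags = anomalous_windows(model, trace, k, threshold)
    for i in range(max(1, len(flags) - frame + 1)):
        if sum(flags[i:i + frame]) >= max_anomalous:
            return "intrusive"
    return "normal"

# Constructed sample data: short system call traces of a hypothetical privileged file-handling program.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "mmap", "read", "close"],
    ["open", "read", "close", "open", "read", "write", "close"],
]
TEST_NORMAL = ["open", "read", "write", "close", "open", "read", "close"]
TEST_SUSPECT = ["open", "read", "execve", "socket", "connect", "write", "close"]  # calls never seen in training
MODEL = train(NORMAL_TRACES)

if __name__ == "__main__":
    for name, trace in (("normal", TEST_NORMAL), ("suspect", TEST_SUSPECT)):
        print(name, classify(MODEL, trace), anomalous_windows(MODEL, trace, 3, 1e-3))
```

In a deployment the training traces would be long audit records of the monitored program rather than a handful of lists, and the threshold and frame parameters would be tuned against the false-alarm rate on held-out normal data.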
Pages: 598 / 605
Page count: 8
Related papers
50 items in total
  • [1] Intrusion detection based on system calls and homogeneous Markov chains
    Tian Xinguang
    Duan Miyi
    Sun Chunlai
    Li Wenfa
    [J]. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS, 2008, 19 (03) : 598 - 605
  • [2] Markov chains in network intrusion detection
    Hixon, R
    Gruenbacher, DA
    [J]. PROCEEDINGS FROM THE FIFTH IEEE SYSTEMS, MAN AND CYBERNETICS INFORMATION ASSURANCE WORKSHOP, 2004, : 432 - 433
  • [3] Markov chains, classifiers, and intrusion detection
    Jha, S
    Tan, K
    Maxion, RA
    [J]. 14TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, 2001, : 206 - 219
  • [4] An Intrusion detection system for network storage based on system calls
    Geng, Li-zhong
    Jia, Hui-bo
    [J]. FIFTH INTERNATIONAL CONFERENCE ON INFORMATION ASSURANCE AND SECURITY, VOL 2, PROCEEDINGS, 2009, : 544 - +
  • [5] LLE on system calls for host based intrusion detection
    Dash, Subrat Kumar
    Rawat, Sanjay
    Pujari, Arun K.
    [J]. 2006 INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY, PTS 1 AND 2, PROCEEDINGS, 2006, : 609 - 612
  • [6] Detection engine based on host system calls for distributed intrusion detection system
    Peng, XG
    Mi, WT
    Liu, YS
    Wu, YS
    [J]. ISTM/2003: 5TH INTERNATIONAL SYMPOSIUM ON TEST AND MEASUREMENT, VOLS 1-6, CONFERENCE PROCEEDINGS, 2003, : 3441 - 3444
  • [7] An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls
    Hoang, XD
    Hu, J
    [J]. 2004 12TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, VOLS 1 AND 2 , PROCEEDINGS: UNITY IN DIVERSITY, 2004, : 470 - 474
  • [8] Network intrusion detection based on system calls and data mining
    Tian, Xinguang
    Cheng, Xueqi
    Duan, Miyi
    Liao, Rui
    Chen, Hong
    Chen, Xiaojuan
    [J]. FRONTIERS OF COMPUTER SCIENCE IN CHINA, 2010, 4 (04): : 522 - 528
  • [9] Evading System-Calls Based Intrusion Detection Systems
    Rosenberg, Ishai
    Gudes, Ehud
    [J]. NETWORK AND SYSTEM SECURITY, (NSS 2016), 2016, 9955 : 200 - 216
  • [10] Bypassing system calls-based intrusion detection systems
    Rosenberg, Ishai
    Gudes, Ehud
    [J]. CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2017, 29 (16):