Intrusion detection based on system calls and homogeneous Markov chains

Cited by: 0
Authors
Tian Xinguang1
2. Inst. of Computing Technology
Institutions
Keywords
intrusion detection; Markov chain; anomaly detection; system call;
DOI
Not available
Chinese Library Classification number
TN953 [Radar tracking systems];
Discipline classification codes
080904 ; 0810 ; 081001 ; 081002 ; 081105 ; 0825 ;
Abstract
A novel method for detecting anomalous program behavior is presented, which is applicable to host-based intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program’s behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
Pages: 598 - 605
Number of pages: 8
Related papers
50 in total
  • [21] Research of IOT Intrusion Detection System Based on Hidden Markov Model
    Jiang, Xuesong
    Wei, Xiumei
    Wang, Xingang
    [J]. 2011 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND APPLICATIONS, 2011, : 151 - 155
  • [22] Research of IOT Intrusion Detection System Based on Hidden Markov Model
    Wei, Xiumei
    Jiang, Xuesong
    Wang, Xingang
    [J]. INFORMATION TECHNOLOGY APPLICATIONS IN INDUSTRY, PTS 1-4, 2013, 263-266 : 2949 - 2952
  • [23] Intrusion detection based on Hidden Markov Model
    Yin, QB
    Shen, LR
    Zhang, RB
    Li, XY
    Wang, HQ
    [J]. 2003 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-5, PROCEEDINGS, 2003, : 3115 - 3118
  • [24] Hidden Markov model based intrusion detection
    Liu, Zhi-Yong
    Qiao, Hong
    [J]. INTELLIGENCE AND SECURITY INFORMATICS, PROCEEDINGS, 2006, 3917 : 169 - 170
  • [25] Applying mining fuzzy association rules to intrusion detection based on sequences of system calls
    Zhang, GL
    [J]. NETWORKING AND MOBILE COMPUTING, PROCEEDINGS, 2005, 3619 : 826 - 835
  • [26] Modeling system calls for intrusion detection with dynamic window sizes
    Eskin, E
    Lee, W
    Stolfo, SJ
    [J]. DISCEX'01: DARPA INFORMATION SURVIVABILITY CONFERENCE & EXPOSITION II, VOL I, PROCEEDINGS, 2001, : 165 - 175
  • [27] Mobile agent based intrusion detection system adopting Hidden Markov Model
    Lee, Do-hyeon
    Kim, Doo-young
    Jung, Jae-il
    [J]. COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2007, PT 2, PROCEEDINGS, 2007, 4706 : 122 - 130
  • [28] An anomaly intrusion detection Based on Hidden Markov model System Call Sequenc
    Wang, Dongliang
    Wang, Zhigang
    [J]. ADVANCED RESEARCH ON AUTOMATION, COMMUNICATION, ARCHITECTONICS AND MATERIALS, PTS 1 AND 2, 2011, 225-226 (1-2): : 609 - +
  • [29] Multi-Layer Hidden Markov Model Based Intrusion Detection System
    Zegeye, Wondimu K.
    Dean, Richard A.
    Moazzami, Farzad
    [J]. MACHINE LEARNING AND KNOWLEDGE EXTRACTION, 2019, 1 (01): : 265 - 286
  • [30] A Fingerprinting System Calls Approach for Intrusion Detection in a Cloud Environment
    Gupta, Sanchika
    Sardana, Anjali
    Kumar, Padam
    Abraham, Ajith
    [J]. 2012 FOURTH INTERNATIONAL CONFERENCE ON COMPUTATIONAL ASPECTS OF SOCIAL NETWORKS (CASON), 2012, : 309 - 314