A finite automata model for anomaly intrusion detection using sequences of system calls

Cited by: 0
Authors
Shindhelm, Art [1]
Yu, Vingbing [1]
Affiliation
[1] Western Kentucky Univ, Dept Comp Sci, Bowling Green, KY 42101 USA
Keywords
anomaly intrusion detection; computer security; system calls; finite automata; behavior profiling;
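DOI
Not available
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract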
This paper investigates a new method to detect computer system intrusions more effectively. A finite automata model is proposed to detect program anomalies using sequences of system calls. A finite automaton constructed from the sequential data is identified with a program's behavior profile. The match and mismatch of a test case against the finite automaton are combined with a continuity property to determine the "self" (i.e. normal organisms or behaviors) and "non-self" (i.e. abnormal or anomalous behavior) values with the profile. The two values can be compared to predefined threshold values to classify a case as "normal" or "abnormal". Experimental results on several data sets showed that the model achieved a very high detection rate (98.7%) and a low false alarm rate (1.7%).
Pages: 9 / 15
Number of pages: 7