A Low-cost Method to Intrusion Detection System using Sequences of System Calls

Cited by: 1
Authors
Geng, Li-zhong [1 ]
Jia, Hui-bo [2 ]
Affiliations
[1] Tsinghua University, Department of Precision Instruments and Mechanology, Beijing 100084, People's Republic of China
[2] Tsinghua University, State Key Laboratory of Precision Measurement Technology and Instruments, Beijing, People's Republic of China
Source
ICIC 2009: Second International Conference on Information and Computing Science, Vol 1, Proceedings: Computing Science and Its Application | 2009
Keywords
IDS; anomaly detection; system call;
DOI
10.1109/ICIC.2009.43
CLC number
TP39 [Computer applications]
Discipline code
081203; 0835
Abstract
Sequences of system calls have become an important data source for anomaly detection. Because existing methods that build a normal profile from system call traces carry a large overhead, an efficient algorithm based on STIDE is proposed to reduce the computing cost. Axis system calls, which represent the characteristics of normal behaviour, are extracted by a sequence-extracting factor. The improved algorithm measures the interestingness of system call sequences in terms of the axis system calls they contain, then trains on and tests only the relevant sequences. Experimental results show that the computing cost of training and testing with the new method is 70% lower than with the standard algorithm.
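The abstract names STIDE (the sliding-window system call profile of Forrest et al., reference [1]) as the baseline and says cost is cut by restricting training and testing to sequences that contain "axis" calls. The example below is added to this record and is not the paper's code: it implements plain STIDE (length-k windows, a set of normal windows, mismatch rate at test time) and the axis-filtered variant side by side, counting profile insertions and lookups so the saving is visible. The traces are constructed, not captured from a real process, and the axis-selection rule (take the n least frequent calls in the training data) is an assumption standing in for the paper's sequence-extracting factor, which this page does not define.

```python
"""STIDE-style anomaly detection over system-call traces (Forrest et al., 1996),
plus an axis-filtered variant that trains on and tests only windows containing
selected "axis" calls. Added example for this record, not the paper's own code."""
from collections import Counter
from typing import Optional, Sequence

# Constructed sample traces (not captured from a real process).
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "open", "getrlimit", "mmap", "close"],
    ["open", "read", "mmap", "open", "getrlimit", "mmap", "close", "read", "close"],
]
# Same program shape, but it unexpectedly spawns a privileged child mid-run.
ANOMALOUS_TRACE = ["open", "read", "mmap", "mmap", "execve", "setuid",
                   "open", "getrlimit", "mmap", "close"]


def windows(trace: Sequence[str], k: int):
    """Yield every length-k sliding window of the trace as a tuple."""
    for i in range(len(trace) - k + 1):
        yield tuple(trace[i:i + k])


def select_axis_calls(traces, n: int) -> set:
    """ASSUMED stand-in for the paper's 'sequence extracting factor' (not defined
    on this page): the n least frequent calls in training data, ties broken by
    name, on the intuition that rare calls prune the most windows."""
    counts = Counter(call for t in traces for call in t)
    ranked = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))
    return {call for call, _ in ranked[:n]}


def build_profile(traces, k: int, axis: Optional[set] = None):
    """Normal profile = set of length-k windows seen in training (STIDE).
    With axis given, only windows containing at least one axis call are kept.
    Returns (profile, number_of_windows_inserted) so cost can be compared."""
    profile, inserted = set(), 0
    for t in traces:
        for w in windows(t, k):
            if axis is None or axis.intersection(w):
                profile.add(w)
                inserted += 1
    return profile, inserted


def mismatch_rate(profile, trace, k: int, axis: Optional[set] = None):
    """Fraction of (relevant) test windows absent from the profile, plus the
    number of profile lookups performed. 0.0 means every window was seen."""
    checked = [w for w in windows(trace, k)
               if axis is None or axis.intersection(w)]
    if not checked:
        return 0.0, 0
    misses = sum(1 for w in checked if w not in profile)
    return misses / len(checked), len(checked)


def compare(k: int = 3, n_axis: int = 2):
    """Run full STIDE and the axis-filtered variant on the sample data."""
    full, full_train = build_profile(NORMAL_TRACES, k)
    full_rate, full_test = mismatch_rate(full, ANOMALOUS_TRACE, k)

    axis = select_axis_calls(NORMAL_TRACES, n_axis)
    filt, filt_train = build_profile(NORMAL_TRACES, k, axis)
    filt_rate, filt_test = mismatch_rate(filt, ANOMALOUS_TRACE, k, axis)

    return {
        "axis": axis,
        "full": {"profile_size": len(full), "train_ops": full_train,
                 "test_ops": full_test, "mismatch_rate": full_rate},
        "filtered": {"profile_size": len(filt), "train_ops": filt_train,
                     "test_ops": filt_test, "mismatch_rate": filt_rate},
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With k = 3 the full profile holds 9 windows built from 13 insertions and needs 8 lookups on the test trace, flagging half of them; the filtered variant on axis calls {getrlimit, close} stores 5 windows from 8 insertions, performs 3 lookups and still flags the window that straddles the injected setuid. The trade-off a practitioner should watch is the other direction: windows that contain no axis call (here, the execve/setuid windows themselves) are never checked, so detection now depends entirely on the anomaly touching an axis call somewhere in the trace.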
Pages: 143 / +
Page count: 2
References
9 entries
[1] Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA. A sense of self for Unix processes. Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996: 120-128.
[2] Hofmeyr SA. Journal of Computer Security, 1998, 6: 151.
[3] Lee W, Stolfo SJ, Mok KW. A data mining framework for building intrusion detection models. Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999: 120-132.
[4] Li Yongzhong, Ge Yang, Jing Xu, Bo Zhao. A new intrusion detection method based on fuzzy HMM. ICIEA 2008: 3rd IEEE Conference on Industrial Electronics and Applications, Proceedings, Vols 1-3, 2008: 36-39.
[5] Raman C. Lecture Notes in Computer Science, 2005, 3816: 389. DOI 10.1007/11604655_44.
[6] Sharma A, Pujari AK, Paliwal KK. Intrusion detection using text processing techniques with a kernel based similarity measure. Computers & Security, 2007, 26(7-8): 488-495.
[7] Somayaji A. Proceedings of the Ninth USENIX Security Symposium, 2000: 185.
[8] Xu X. Proceedings of the 4th International Symposium on Neural Networks, 2007: 455.
[9] Zhang GL. Lecture Notes in Artificial Intelligence, 2005, 3584: 483.