Learning classifiers for misuse and anomaly detection using a bag of system calls representation

Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

Volumn 2005, Issue , 2005, Pages 118-125

  Kang, Dae Ki ^a   Fuller, Doug ^a   Honavar, Vasant ^a  

^a Iowa State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CALLS REPRESENTATION; INTRUSION DETECTION; LEARNING CLASSIFIERS; MACHINE LEARNING TECHNIQUES;

COMPUTER PROGRAMMING; COMPUTER SCIENCE; COMPUTER SIMULATION; CYBERNETICS; INFORMATION TECHNOLOGY; LEARNING SYSTEMS; STANDARDIZATION;

SECURITY SYSTEMS;

EID: 33745463455     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IAW.2005.1495942     Document Type: Conference Paper

References (25)

1. D. E. Denning, "An intrusion-detection model," IEEE Trans. Softw. Eng., vol. 13, no. 2, pp. 222-232, 1987.
2. S. Axelsson, "Intrusion detection systems: A survey and taxonomy," Tech. Rep. 99-15, Chalmers Univ., Mar. 2000.
3. A. Ghosh and A. Schwartzbard, "A study in using neural networks for anomaly and misuse detection," in 8th USENIX Security Symposium, (Washington, D.C.), pp. 141-151, 1999.
4. B. Mukherjee, H. Heberlein, and K. Levitt, "Network intrusion detection," IEEE Network, vol. 8, no. 3, pp. 26-41, 1994.
5. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for unix processes," in Proceedings of the 1996 IEEE Symposium on Security and Privacy, p. 120, IEEE Computer Society, 1996.
6. W. Lee, S. J. Stolfo, and K. W. Mok, "A data mining framework for building intrusion detection models," in IEEE Symposium on Security and Privacy, pp. 120-132, 1999.
7. G. Helmer, J. Wong, M. Slagell, V. Honavar, L. Miller, and R. Lutz, "A software fault tree approach to requirement analysis of an intrusion detection system," in Symposium on Requirements Engineering for Information Security, 2001.
8. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo, "A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data," Data Mining for Security Applications, 2002.
9. S. A. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls," Journal of Computer Security, vol. 6, no. 3, pp. 151-180, 1998.
10. J. R. Quinlan, C4-5: programs for machine learning. Morgan Kaufmann Publishers Inc., 1993.
11. A. McCallum and K. Nigam, "A comparison of event models for naive bayes text classification," in AAAI-98 Workshop on Learning for Text Categorization, 1998.
12. W. W. Cohen, "Fast effective rule induction," in Proc. of the ISth International Conference on Machine Learning (A. Prieditis and S. Russell, eds.), (Tahoe City, CA), pp. 115-123, Morgan Kaufmann, July 9-12, 1995.
13. C. Cortes and V. Vapnik, "Support-vector networks," Mach. Learn., vol. 20, no. 3, pp. 273-297, 1995.
14. J. C. Platt, "Fast training of support vector machines using sequential minimal optimization," Advances in kernel methods: support vector learning, pp. 185-208, 1999.
15. S. L. Cessie and J. V. Houwelingen, "Ridge estimators in logistic regression," Applied Statistics, vol. 41, no. 1, pp. 191-201, 1992.
16. C. M. Bishop, Neural networks for pattern recognition. Oxford University Press, 1996.
17. T. M. Mitchell, Machine Learning. New York: McGraw-Hill, 1997.
18. C. Warrender, S. Forrest, and B. A. Pearlmutter, "Detecting intrusions using system calls: Alternative data models," in IEEE Symposium on Security and Privacy, pp. 133-145, 1999.
19. K. M. C. Tan and R. A. Maxion, ""Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector," in Proceedings of the 2002 IEEE Symposium an Security and Privacy, p. 188, IEEE Computer Society, 2002.
20. R. Lippmann, R. K. Cunningham, D. J. Fried, I. Graf, K. R. Kendall, S. E. Webster, and M. A. Zissman, "Results of the darpa 1998 offline intrusion detection evaluation.," in Recent Advances in Intrusion Detection, 1999.
21. S. Kullback and R. A. Leiblei, "On information and sufficiency," Ann. Math. Statist., vol. 22, pp. 79-86, 1951.
22. M. Li and P. M. B. Vitanyi, An Introduction to Kolmogorov Complexity and Its Applications. Berlin: Springer-Verlag, 1993.
23. D. Wagner and P. Soto, "Mimicry attacks on host based intrusion detection systems," in Proc. Ninth ACM Conference on Computer and Communications Security, 2002.
24. D. Anderson, T. F. Lunt, H. Javitz, A. Tamaru, and A. Valdes, "Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES)," Tech. Rep. SRI-CSL-95-06, Computer Science Laboratory, SRI International, Menlo Park, CA, May 1995.
25. W. Lee and S. Stolfo, "Data mining approaches for intrusion detection," in Proceedings of the 7th USENIX Security Symposium, (San Antonio, TX), 1998.