Anomaly detection of program behaviors based on system calls and homogeneous Markov chain models

Jisuanji Yanjiu yu Fazhan/Computer Research and Development

Volumn 44, Issue 9, 2007, Pages 1538-1544

  Tian, Xinguang ^a,c   Gao, Lizhi ^b,c   Sun, Chunlai ^c   Zhang, Eryang ^a  

^a NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY   (China)

^b TSINGHUA UNIVERSITY   (China)

^c BEIJING JIAOTONG UNIVERSITY   (China)

Author keywords

Anomaly detection; Intrusion detection; Markov chain; Program behavior; System call

Indexed keywords

COMPUTATIONAL EFFICIENCY; COMPUTER SOFTWARE; HIDDEN MARKOV MODELS; MARKOV PROCESSES; NETWORK SECURITY; SECURITY OF DATA;

ANOMALY DETECTION; MARKOV CHAIN; ONLINE DETECTION; PRIVILEGED PROGRAM; PROGRAM BEHAVIOR; SYSTEM CALL;

INTRUSION DETECTION;

EID: 34948901907     PISSN: 10001239     EISSN: None     Source Type: Journal    
DOI: 10.1360/crad20070912     Document Type: Article

References (15)

1. T Lane, E B Carla. An empirical study of two approaches to sequence learning for anomaly detection [J]. Machine Learning, 2003, 51 (1): 73-107
2. N Ye, Y Zhang, C M Borror. Robustness of the Markov chain model for cyber attack detection [J]. IEEE Trans on Reliability, 2003, 52 (3): 122-138
3. T Lane. Machine learning techniques for the computer security domain of anomaly detection: [Ph D dissertation] [D]. Purdue: Purdue University, 2000
4. C Warrender, S Forrest, B Pearlmutter. Detecting intrusions using system calls: Alternative data models [C]. In: Proc of the 1999 IEEE Symp on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1999. 133-145
5. Yan Qiao, Xie Weixin, Yang Bin, et al. An anomaly intrusion detection method based on HMM [J]. Electronics Letters, 2002, 38 (13): 663-664
6. S Mukkamala, A H Sung, A Abraham. Intrusion detection using an ensemble of intelligent paradigms [J]. Journal of Network and Computer Application, 2005, 28 (2): 167-182
7. S A Hofmeyr, S Forrest, A Somayaji. Intrusion detection using sequences of system calls [J]. Journal of Computer Security, 1998, 6 (3): 151-180
8. S Forrest, S A Hofmeyr, A Somayaji. Computer immunology [J]. Communications of the ACM, 1997, 40 (10): 88-96
9. S Cho, S Han. Two sophisticated techniques to improve HMM-based intrusion detection systems [J]. Int'l Symp on Recent Advances in Intrusion Detection, Pittsburgh, USA, 2003
10. W Lee, X Dong. Information-theoretic measures for anomaly detection [C]. In: Proc of the 2001 IEEE Symp on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 2001. 130-134
11. Tian Xinguang. Anomaly detection methods for host-based intrusion detection systems: [Ph D dissertation] [D]. Changsha: National University of Defense Technology, 2005 (in Chinese)
12. Li Hui, Guan Xiaohong, Zan Xin, et al. Network intrusion detection based on support vector machine [J]. Journal of Computer Research and Development, 2003, 40 (6): 799-807 (in Chinese)
13. T Verwoerd, R Hunt. Intrusion detection techniques and approaches [J]. Computer Communication, 2002, 25 (15): 1356-1365
14. Tian Xinguang, Gao Lizhi, Zhang Eryang. Intrusion detection method based on machine learning [J]. Journal on Communications, 2006, 27 (6): 108-114 (in Chinese)
15. Sun Hongwei, Tian Xinguang, Li Xuechun, et al. An improved anomaly detection model for IDS [J]. Chinese Journal of Computers, 2003, 26 (11): 1450-1455 (in Chinese)