TY - GEN
T1 - An intrusion detection method based on system call temporal serial analysis
AU - Pu, Shi
AU - Lang, Bo
PY - 2007
Y1 - 2007
N2 - System call sequences are a useful criterion for judging the behaviour of processes. Designing an efficient matching algorithm and building an implementable system are two of the hardest problems. In this paper we explore extending consecutive system call sequences with a temporal signature for a host-based intrusion detection system. In this model, the system call sequences captured in real time and the time intervals between consecutive calls are the data source, and the temporal signature is used to filter the real model. During monitoring, data mining methods analyse the source dynamically and an incremental learning mechanism is implemented. By learning from small samples and learning incrementally, the system's detection ability remains good even when the sample size is small. The paper also introduces the key technologies needed to build such a system and verifies the intrusion detection method in a real-time environment. Finally, experimental results are given to verify the availability and efficiency of the system.
AB - System call sequences are a useful criterion for judging the behaviour of processes. Designing an efficient matching algorithm and building an implementable system are two of the hardest problems. In this paper we explore extending consecutive system call sequences with a temporal signature for a host-based intrusion detection system. In this model, the system call sequences captured in real time and the time intervals between consecutive calls are the data source, and the temporal signature is used to filter the real model. During monitoring, data mining methods analyse the source dynamically and an incremental learning mechanism is implemented. By learning from small samples and learning incrementally, the system's detection ability remains good even when the sample size is small. The paper also introduces the key technologies needed to build such a system and verifies the intrusion detection method in a real-time environment. Finally, experimental results are given to verify the availability and efficiency of the system.
UR - https://www.scopus.com/pages/publications/38049012491
U2 - 10.1007/978-3-540-74171-8_65
DO - 10.1007/978-3-540-74171-8_65
M3 - Conference contribution
AN - SCOPUS:38049012491
SN - 9783540741701
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 656
EP - 666
BT - Advanced Intelligent Computing Theories and Applications
PB - Springer Verlag
T2 - 3rd International Conference on Intelligent Computing, ICIC 2007
Y2 - 21 August 2007 through 24 August 2007
ER -
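The abstract above describes a host-based IDS that models consecutive system calls together with the time intervals between them and learns incrementally from small samples. As an added illustration of that idea, not the authors' algorithm or code (the paper's matching algorithm and data-mining details are not on this page), the following Python sketches one hypothetical design: k-grams of consecutive system calls, each stored with the minimum and maximum interval observed at every gap inside the gram, a relative tolerance on those bounds, and incremental learning that only widens them. The class, function and parameter names and the three traces are constructed for this example.

```python
from typing import Dict, List, Tuple

Trace = List[Tuple[str, float]]  # (system call name, timestamp in seconds)


class TemporalSyscallProfile:
    """Hypothetical normal-behaviour model (not the paper's): every k-gram of
    consecutive system calls is stored with [min, max] inter-call interval for
    each of its k-1 gaps. learn() can be called repeatedly and only widens the
    stored bounds, which is the incremental-learning part."""

    def __init__(self, k: int = 3, tolerance: float = 0.5):
        self.k = k
        self.tolerance = tolerance  # relative slack added around learned bounds
        self.bounds: Dict[Tuple[str, ...], List[List[float]]] = {}

    def _grams(self, trace: Trace):
        # Slide a window of k calls; yield the name tuple and the k-1 deltas.
        for i in range(len(trace) - self.k + 1):
            window = trace[i:i + self.k]
            gram = tuple(name for name, _ in window)
            deltas = [window[j + 1][1] - window[j][1] for j in range(self.k - 1)]
            yield gram, deltas

    def learn(self, trace: Trace) -> int:
        """Absorb a trace into the profile; return the number of new grams."""
        new = 0
        for gram, deltas in self._grams(trace):
            if gram not in self.bounds:
                self.bounds[gram] = [[d, d] for d in deltas]
                new += 1
            else:
                for b, d in zip(self.bounds[gram], deltas):
                    b[0] = min(b[0], d)
                    b[1] = max(b[1], d)
        return new

    def score(self, trace: Trace) -> Dict[str, int]:
        """Count grams never seen (sequence anomaly) and known grams whose
        timing falls outside the learned range plus slack (temporal anomaly)."""
        total = unknown = timing = 0
        for gram, deltas in self._grams(trace):
            total += 1
            b = self.bounds.get(gram)
            if b is None:
                unknown += 1
                continue
            for (lo, hi), d in zip(b, deltas):
                slack = self.tolerance * max(hi, 1e-6)
                if d < lo - slack or d > hi + slack:
                    timing += 1
                    break  # one timing violation per gram is enough
        return {"total": total, "unknown": unknown, "timing": timing}

    def is_anomalous(self, trace: Trace, max_ratio: float = 0.1) -> bool:
        s = self.score(trace)
        if s["total"] == 0:
            return False
        return (s["unknown"] + s["timing"]) / s["total"] > max_ratio


def make_trace(steps: List[Tuple[str, float]], start: float = 0.0) -> Trace:
    """Build a timestamped trace from (call, delay-before-call) pairs."""
    t, out = start, []
    for name, delay in steps:
        t += delay
        out.append((name, t))
    return out


# Constructed sample data: a request-handling loop of a hypothetical server.
NORMAL_CYCLE = [("accept", 0.010), ("read", 0.002), ("open", 0.001),
                ("read", 0.003), ("write", 0.002), ("close", 0.001)]
NORMAL_TRACE = make_trace(NORMAL_CYCLE * 3)
# Same loop with an unexpected execve: a classic sequence anomaly.
SEQUENCE_ATTACK_TRACE = make_trace([("accept", 0.010), ("read", 0.002),
                                    ("execve", 0.001), ("open", 0.001),
                                    ("read", 0.003), ("write", 0.002),
                                    ("close", 0.001)])
# Identical call sequence, but the read->open gap is 400 ms instead of 1 ms:
# invisible to a sequence-only detector, caught by the temporal bounds.
SLOW_CYCLE = [("accept", 0.010), ("read", 0.002), ("open", 0.400),
              ("read", 0.003), ("write", 0.002), ("close", 0.001)]
SLOW_TRACE = make_trace(SLOW_CYCLE + NORMAL_CYCLE)


def build_profile() -> TemporalSyscallProfile:
    profile = TemporalSyscallProfile(k=3, tolerance=0.5)
    profile.learn(NORMAL_TRACE)  # small sample: one short trace, 6 unique grams
    return profile


if __name__ == "__main__":
    p = build_profile()
    for label, tr in [("normal", NORMAL_TRACE), ("execve", SEQUENCE_ATTACK_TRACE),
                      ("slow", SLOW_TRACE)]:
        print(label, p.score(tr), "anomalous" if p.is_anomalous(tr) else "ok")
    # Operator confirms the slow trace is benign: feed it back, bounds widen.
    p.learn(SLOW_TRACE)
    print("slow after incremental learning", p.score(SLOW_TRACE))
```

The `unknown` count is what a sequence-only system call detector reports; the `timing` count is the extra signal the temporal signature supplies, and it fires on the slow trace even though every gram in it is known. Feeding a confirmed-benign trace back through `learn` widens only the affected bounds without retraining from scratch, which is the incremental behaviour the abstract points to. Real deployments would need per-host clock handling and a tolerance chosen from observed jitter, neither of which this sketch attempts.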