Native API Based Windows Anomaly Intrusion Detection Method Using SVM

14 years 5 months ago

Download cse.unl.edu

While many researches of Host Anomaly Detection System using system calls under UNIX/UNIX-like systems have been done but little in Windows systems, we do the similar research under Windows platforms via tracing the sequences of Windows Native APIs which are considered as the Windows system calls. In this article, we first introduce Native API briefly and then divide the captured sequences with slide window method to establish normal pattern database. Then Support Vector Machine Method is used for anomaly detection due to its advantages in small-scale dataset and generalization capability. The main purpose of this paper is to prove that Windows Native APIs are plausibly possible data source for Host Anomaly Detection System under Windows platforms.

Miao Wang, Cheng Zhang, Jingjing Yu

Real-time Traffic

Host Anomaly Detection | SUTC 2006 | Windows Native APIs | Windows Platforms |

claim paper

Post Info
More Details (n/a)

Added	12 Jun 2010
Updated	12 Jun 2010
Type	Conference
Year	2006
Where	SUTC
Authors	Miao Wang, Cheng Zhang, Jingjing Yu

Comments (0)

Sciweavers

Native API Based Windows Anomaly Intrusion Detection Method Using SVM

Host Anomaly Detection | SUTC 2006 | Windows Native APIs | Windows Platforms |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers