Sciweavers

ISMIS
2005
Springer

Anomaly Detection in Computer Security and an Application to File System Accesses

14 years 5 months ago
Anomaly Detection in Computer Security and an Application to File System Accesses
Abstract. We present an overview of anomaly detection used in computer security, and provide a detailed example of a host-based Intrusion Detection System that monitors file systems to detect abnormal accesses. The File Wrapper Anomaly Detector (FWRAP) has two parts, a sensor that audits file systems, and an unsupervised machine learning system that computes normal models of those accesses. FWRAP employs the Probabilistic Anomaly Detection (PAD) algorithm previously reported in our work on Windows Registry Anomaly Detection. FWRAP represents a general approach to anomaly detection. The detector is first trained by operating the host computer for some amount of time and a model specific to the target machine is automatically computed by PAD. The model is then deployed to a real-time detector. In this paper we describe the feature set used to model file system accesses, and the performance results of a set of experiments using the sensor while attacking a Linux host with a variety o...
Salvatore J. Stolfo, Shlomo Hershkop, Linh H. Bui,
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005
Where ISMIS
Authors Salvatore J. Stolfo, Shlomo Hershkop, Linh H. Bui, Ryan Ferster, Ke Wang
Comments (0)