Detecting Intrusions using System Calls: Alternative Data Models

14 years 3 months ago

Download www.cc.gatech.edu

Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable-sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: Simple enumeration of observed sequences, comparison of relative frequencies of different sequences, a rule induction technique, and Hidden Markov Models (HMMs). We discuss the factors affecting the performance of each method, and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.

Christina Warrender, Stephanie Forrest, Barak A. P

Real-time Traffic

Data Modeling Methods | Intrusion Detection Systems | Security Privacy | SP 1999 | System-call Data Sets |

claim paper

Post Info
More Details (n/a)

Added	04 Aug 2010
Updated	04 Aug 2010
Type	Conference
Year	1999
Where	SP
Authors	Christina Warrender, Stephanie Forrest, Barak A. Pearlmutter

Comments (0)

Sciweavers

Detecting Intrusions using System Calls: Alternative Data Models

Data Modeling Methods | Intrusion Detection Systems | Security Privacy | SP 1999 | System-call Data Sets |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers