Sciweavers

COMPSEC
2004

Predicting the intrusion intentions by observing system call sequences

14 years 9 days ago
Predicting the intrusion intentions by observing system call sequences
Identifying the intentions or attempts of the monitored agents through observations is very vital in computer network security. In this paper, a plan recognition method for predicting the anomaly events and the intentions of possible intruders to a computer system is developed based on the observation of system call sequences. The probability of the goal state for a system call sequence is defined as the prediction index to determine if the intention is normal. An efficient algorithm based on the dynamic Bayesian network theory with parameter compensation is derived and then applied to update the index recursively. Extensive empirical testing is performed on the data sets published in the literature and those collected in an actual computer system at our lab. The testing results showed that this method can identify the intrusion behaviors from the observed system call sequences with good accuracy.
Li Feng, Xiaohong Guan, Sangang Guo, Yan Gao, Pein
Added 17 Dec 2010
Updated 17 Dec 2010
Type Journal
Year 2004
Where COMPSEC
Authors Li Feng, Xiaohong Guan, Sangang Guo, Yan Gao, Peini Liu
Comments (0)