Title :
Using information theory to measure call site information of system call in anomaly detection
Author :
Feng Xie ; Lixia Xie
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
Abstract :
Monitoring and analyzing the running behavior of a program is an important and effective approach to detecting network attacks. Traditionally, a program is characterized by the system calls it issues. The call site information of those system calls, however, is ignored by many system-call-based detection models. This paper evaluates the influence of this information on program behavior models by means of an information-theoretic measure. Experimental results show that call site information lowers both conditional entropy and relative conditional entropy, which contributes to a more precise model and more effective intrusion detection.
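The following is an added worked example, not code or data from the paper, illustrating the measurement the abstract describes: it estimates the order-1 conditional entropy of a system-call trace with and without call site information, and the relative conditional entropy of a held-out trace against the model built from training data. The definitions assumed are the ones from Lee and Xiang's information-theoretic anomaly-detection measures (conditional entropy H(X | context) and the conditional relative entropy between the test and training conditional distributions); the traces, call-site addresses and the "execve" anomaly are constructed for the example, and the `floor` probability for transitions never seen in training is an assumption of this code, not of the paper.

```python
from collections import Counter
from math import log2

# Constructed sample traces of (syscall, call_site) events from a hypothetical
# program with two code paths: block A reads a config file, block B relays data
# on a socket. The call sites are invented return addresses. The same "read"
# system call is issued from two different sites, which is exactly the
# ambiguity call site information is meant to remove.
BLOCK_A = [("open", 0x401000), ("read", 0x401010), ("close", 0x401020)]
BLOCK_B = [("read", 0x402000), ("write", 0x402010)]

# Training trace: a varied but normal mix of the two blocks.
TRAIN = (BLOCK_A + BLOCK_B + BLOCK_B + BLOCK_A + BLOCK_B) * 4
# Held-out normal trace: a different but legitimate ordering of the blocks.
NORMAL = (BLOCK_A + BLOCK_B) * 4
# Anomalous trace (constructed): a socket read is followed by an unexpected
# "execve" from a call site that never appears in training.
ANOMALOUS = (BLOCK_A + [("read", 0x402000), ("execve", 0x402030)]) * 4


def _counts(seq, order):
    """Count (context, next-symbol) pairs and context occurrences for an
    order-n model, where a context is the tuple of the previous n symbols."""
    joint, ctx = Counter(), Counter()
    for i in range(order, len(seq)):
        c = tuple(seq[i - order:i])
        joint[(c, seq[i])] += 1
        ctx[c] += 1
    return joint, ctx


def conditional_entropy(seq, order=1):
    """H(X_n | X_{n-order} ... X_{n-1}) in bits, estimated from seq.
    Zero means the next event is fully determined by its context."""
    joint, ctx = _counts(seq, order)
    n = sum(joint.values())
    h = 0.0
    for (c, x), k in joint.items():
        h -= (k / n) * log2(k / ctx[c])
    return h


def relative_conditional_entropy(test, train, order=1, floor=1e-6):
    """Relative conditional entropy of `test` against the model estimated from
    `train`: sum over (ctx, x) of p(ctx, x) * log2(p(x|ctx) / q(x|ctx)), with
    p from the test trace and q from the training trace. A low value means the
    model describes the test data well. Transitions never seen in training get
    probability `floor` (an assumption of this example) so the measure stays
    finite; such transitions dominate the score of an anomalous trace."""
    p_joint, p_ctx = _counts(test, order)
    q_joint, q_ctx = _counts(train, order)
    n = sum(p_joint.values())
    h = 0.0
    for (c, x), k in p_joint.items():
        p_cond = k / p_ctx[c]
        q_cond = q_joint[(c, x)] / q_ctx[c] if q_ctx[c] else floor
        h += (k / n) * log2(p_cond / max(q_cond, floor))
    return h


def syscalls_only(trace):
    """Project a trace onto syscall names, discarding call site information."""
    return [name for name, _site in trace]


if __name__ == "__main__":
    for label, f in (("syscalls only", syscalls_only), ("with call sites", lambda t: t)):
        print(f"{label:16s} H(next|prev) on training  = "
              f"{conditional_entropy(f(TRAIN)):.4f} bits")
        print(f"{label:16s} relCondEnt(normal  || model) = "
              f"{relative_conditional_entropy(f(NORMAL), f(TRAIN)):.4f}")
        print(f"{label:16s} relCondEnt(anomaly || model) = "
              f"{relative_conditional_entropy(f(ANOMALOUS), f(TRAIN)):.4f}")
```

On these constructed traces the call-site representation lowers the conditional entropy of the training data (about 0.22 bits versus 0.63 bits) because the two `read` sites no longer share a context, and it also lowers the relative conditional entropy of the held-out normal trace (about 0.10 versus 0.12), while the anomalous trace scores far higher under both representations. The example uses an order-1 context; raising `order` gives the longer-window models that system-call sequence detectors usually rely on.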
Keywords :
entropy; program diagnostics; security of data; anomaly detection; call site information; detection models; information theory; intrusion detection; network attacks; relative conditional entropy; system call; Algorithms; Entropy; Hidden Markov models; Intrusion detection; Testing; Training; Call site information; Conditional entropy; Information-theoretic measure; Relative conditional entropy; Running behavior;
Conference_Titel :
Communication Technology (ICCT), 2013 15th IEEE International Conference on
Conference_Location :
Guilin
DOI :
10.1109/ICCT.2013.6820341