• DocumentCode
    240881
  • Title
    System Call Anomaly Detection Using Multi-HMMs
  • Author
    Yolacan, Esra N. ; Dy, Jennifer G. ; Kaeli, David R.
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Northeastern Univ., Boston, MA, USA
  • fYear
    2014
  • fDate
    June 30 2014-July 2 2014
  • Firstpage
    25
  • Lastpage
    30
  • Abstract
    This paper focuses on techniques to detect anomalous behavior in system call sequences. Since profiling complex sequential data is still an open problem in anomaly detection, there is a need to explore new approaches. While previous research has used Hidden Markov Models (HMMs) for anomaly-based intrusion detection, the proposed models tend to increase rapidly in complexity in order to raise the detection rate while reducing false detections. In this paper, we propose a multi-HMM approach applied to anomaly detection in clustered system call sequences. We run our experiments using the well-known system call data set provided by the University of New Mexico (UNM). Our process trace clustering approach using HMMs for system call anomaly detection provides accurate results and reduces the complexity required to detect anomalies. In this paper, we show how system call traces processed with our HMM method can provide a path forward to improved intrusion detection techniques.
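    Added example (not code from the paper or its authors): a self-contained Python sketch of the multi-HMM idea the abstract describes. Normal system call traces are clustered, one discrete HMM is trained per cluster with Baum-Welch, and a new trace is scored by its length-normalised log-likelihood under the best-fitting cluster model; traces scoring below a threshold learned from the normal data are flagged. The clustering step (k-means on syscall-frequency vectors with farthest-point seeding), the two-state HMMs, the additive smoothing, the margin-based threshold and the function names are all assumptions of this example, not the paper's method; the traces are constructed here and are not the UNM data.

```python
import math

def norm(row):
    z = sum(row)
    return [x / z for x in row]

def build_vocab(traces):
    # "<unk>" absorbs syscalls never seen in training, so scoring never raises KeyError.
    return {s: i for i, s in enumerate(sorted({s for t in traces for s in t}) + ["<unk>"])}

def encode(trace, vocab):
    return [vocab.get(s, vocab["<unk>"]) for s in trace]

def cluster_traces(traces, vocab, k, iters=20):
    # Assumed clustering step: k-means on syscall-frequency vectors, farthest-point seeded (deterministic).
    X = [[e.count(i) / len(e) for i in range(len(vocab))] for e in (encode(t, vocab) for t in traces)]
    cents = [X[0]]
    while len(cents) < k:
        cents.append(max(X, key=lambda x: min(math.dist(x, c) for c in cents)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: math.dist(x, cents[j])) for x in X]
        groups = [[x for x, l in zip(X, labels) if l == j] for j in range(k)]
        new = [[sum(c) / len(g) for c in zip(*g)] if g else cents[j] for j, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return [[t for t, l in zip(traces, labels) if l == j] for j in range(k)]

class HMM:
    # Discrete-emission HMM trained by Baum-Welch using the scaled forward-backward recursions.
    def __init__(self, n_states, n_syms):
        self.N, self.V = n_states, n_syms
        self.pi, self.A = [1.0 / n_states] * n_states, [[1.0 / n_states] * n_states for _ in range(n_states)]
        # Slightly asymmetric emission start point so EM can tell the states apart (deterministic, no RNG).
        self.B = [norm([1.0 + 0.1 * ((i + k) % 3) for k in range(n_syms)]) for i in range(n_states)]
    def _forward(self, obs):
        # Scaled alphas plus the per-step scale factors c_t; log P(O) = sum(log c_t).
        alphas, scales, prev = [], [], self.pi
        for t, o in enumerate(obs):
            a = [(prev[j] if t == 0 else sum(prev[i] * self.A[i][j] for i in range(self.N))) * self.B[j][o]
                 for j in range(self.N)]
            c = sum(a)
            prev = [x / c for x in a]
            alphas.append(prev); scales.append(c)
        return alphas, scales
    def _backward(self, obs, scales):
        betas = [[1.0] * self.N for _ in obs]
        for t in range(len(obs) - 2, -1, -1):
            betas[t] = [sum(self.A[i][j] * self.B[j][obs[t + 1]] * betas[t + 1][j] for j in range(self.N))
                        / scales[t + 1] for i in range(self.N)]
        return betas
    def loglik(self, obs):
        return sum(math.log(c) for c in self._forward(obs)[1])
    def fit(self, seqs, iters=30):
        R = range(self.N)
        for _ in range(iters):
            pi_c, A_c, B_c = [0.0] * self.N, [[0.0] * self.N for _ in R], [[0.0] * self.V for _ in R]
            for obs in seqs:
                al, sc = self._forward(obs)
                be = self._backward(obs, sc)
                for t, o in enumerate(obs):
                    g = norm([al[t][i] * be[t][i] for i in R])  # state posteriors gamma_t(i)
                    for i in R:
                        B_c[i][o] += g[i]
                    if t == 0:
                        pi_c = [p + x for p, x in zip(pi_c, g)]
                    if t + 1 < len(obs):  # transition posteriors xi_t(i, j)
                        xi = [[al[t][i] * self.A[i][j] * self.B[j][obs[t + 1]] * be[t + 1][j] for j in R] for i in R]
                        z = sum(map(sum, xi))
                        A_c = [[a + x / z for a, x in zip(ar, xr)] for ar, xr in zip(A_c, xi)]
            # M-step with additive smoothing (1e-3) so no probability collapses to exactly zero.
            self.pi = norm([x + 1e-3 for x in pi_c])
            self.A = [norm([x + 1e-3 for x in row]) for row in A_c]
            self.B = [norm([x + 1e-3 for x in row]) for row in B_c]
        return self

def train_detector(traces, k=2, n_states=2, margin=1.0):
    # One HMM per cluster; the threshold is the worst normal per-syscall score minus an assumed margin.
    vocab = build_vocab(traces)
    models = [HMM(n_states, len(vocab)).fit([encode(t, vocab) for t in c]) for c in cluster_traces(traces, vocab, k)]
    det = {"vocab": vocab, "models": models, "threshold": None}
    det["threshold"] = min(score(det, t) for t in traces) - margin
    return det

def score(det, trace):
    obs = encode(trace, det["vocab"])
    return max(m.loglik(obs) for m in det["models"]) / len(obs)  # best cluster model, per syscall

def is_anomalous(det, trace):
    return score(det, trace) < det["threshold"]

# Constructed sample traces (not the UNM data): a file-I/O behaviour and a network behaviour.
NORMAL = [t.split() for t in [
    "open fstat read read read write close", "open fstat read write read write close",
    "open read read read read close", "open fstat read read write write close",
    "socket connect send recv recv close", "socket connect send send recv close",
    "socket connect recv send recv close", "socket connect send recv close"]]
# Constructed anomalies: one mixes both behaviours, one uses syscalls never seen in training.
ANOMALIES = [t.split() for t in ["open socket read connect write send", "open execve ptrace read"]]
```

    Usage: `det = train_detector(NORMAL)` then `is_anomalous(det, trace)`. The mixed-behaviour trace is penalised by both HMMs because each cluster model leaves only the smoothing mass on the other cluster's syscalls, and the trace with never-seen syscalls is penalised through the "<unk>" emission; that per-cluster specialisation is what a single HMM trained over all traces would have to buy with more hidden states.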
  • Keywords
    hidden Markov models; pattern clustering; security of data; anomalous behavior detection; anomaly-based intrusion detection; clustering approach; hidden Markov models; intrusion detection techniques; multi-HMM approach; system call anomaly detection; Computational modeling; Feature extraction; Hidden Markov models; Intrusion detection; Probability distribution; Testing; Training; Anomaly detection; HMMs; system call traces;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Security and Reliability-Companion (SERE-C), 2014 IEEE Eighth International Conference on
  • Conference_Location
    San Francisco, CA
  • Type
    conf
  • DOI
    10.1109/SERE-C.2014.19
  • Filename
    6901637