DocumentCode
2686313
Title
Improved Edit Distance Method for System Call Anomaly Detection
Author
Qian Quan ; Wu Jinlin ; Zhu Wei ; Xin Mingjun
Author_Institution
Sch. of Comput. Eng. & Sci., Shanghai Univ., Shanghai, China
fYear
2012
fDate
27-29 Oct. 2012
Firstpage
1097
Lastpage
1102
Abstract
Edit distance has been widely used in different areas to evaluate the similarity between strings of characters. In this paper, an improved edit distance is applied to short sequence anomaly detection, an area of host security. Modifications to the original edit distance, including the position exchange and the shortest distance algorithm, are described in detail. Experiments show that the edit distance based anomaly detection method is more stable and has better detection precision than the classical sequence analysis method STIDE.
Keywords
security of data; string matching; character strings; improved edit distance method; position exchange algorithm; short sequence anomaly detection; shortest distance algorithm; similarity evaluation; system call anomaly detection; Algorithm design and analysis; Computers; Hamming distance; Hidden Markov models; Libraries; Pattern matching; Anomaly detection; Edit distance; Intrusion detection; STIDE;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on
Conference_Location
Chengdu
Print_ISBN
978-1-4673-4873-7
Type
conf
DOI
10.1109/CIT.2012.223
Filename
6392060