DocumentCode :
2686313
Title :
Improved Edit Distance Method for System Call Anomaly Detection
Author :
Qian Quan ; Wu Jinlin ; Zhu Wei ; Xin Mingjun
Author_Institution :
Sch. of Comput. Eng. & Sci., Shanghai Univ., Shanghai, China
fYear :
2012
fDate :
27-29 Oct. 2012
Firstpage :
1097
Lastpage :
1102
Abstract :
Edit distance has been widely used in different areas to evaluate the similarity between strings of characters. In this paper, an improved edit distance is applied to short sequence anomaly detection, an area of host security. Modifications to the original edit distance, including the position exchange and the shortest distance algorithm, are described in detail. Experiments show that the edit distance based anomaly detection method is more stable and has better detection precision than the classical sequence analysis method STIDE.
Keywords :
security of data; string matching; character strings; improved edit distance method; position exchange algorithm; short sequence anomaly detection; shortest distance algorithm; similarity evaluation; system call anomaly detection; Algorithm design and analysis; Computers; Hamming distance; Hidden Markov models; Libraries; Pattern matching; Anomaly detection; Edit distance; Intrusion detection; STIDE;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4673-4873-7
Type :
conf
DOI :
10.1109/CIT.2012.223
Filename :
6392060