DocumentCode :
517734
Title :
Intrusion Detection Based on Variable Prefix of System Call
Author :
Zheng, Qi ; Jiang, ShengYi
Author_Institution :
Sch. of Inf., Guangdong Univ. of Foreign Studies, Guangzhou, China
Volume :
1
fYear :
2010
fDate :
24-25 April 2010
Firstpage :
398
Lastpage :
401
Abstract :
The system call trace is one of the behavioral characteristics of a system process. Each system call in the trace depends on several previous system calls. Using a Markov model to capture this probabilistic characteristic of the system calls is time consuming. Thus, we use a Probabilistic Suffix Tree (PST) to extract this feature. The PST is trained with normal system call traces. We define a new measure of abnormal system call traces based on the PST to detect abnormal processes. Experiments show that this measure can distinguish well between normal and abnormal processes.
Keywords :
Markov processes; feature extraction; probability; program diagnostics; security of data; trees (mathematics); Markov model; PST; feature extraction; intrusion detection; probabilistic suffix tree; system call trace; Communication system security; Computer networks; Data mining; Face detection; Feature extraction; Hidden Markov models; Informatics; Intrusion detection; Statistics; Wireless communication; Intrusion detection; probabilistic suffix tree; system call trace;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-4011-5
Electronic_ISBN :
978-1-4244-6598-9
Type :
conf
DOI :
10.1109/NSWCTC.2010.98
Filename :
5480959