An Anomaly Intrusion Detection Method Based on PageRank Algorithm

Page Rank is the Google web page ranking algorithm which is based on web link analysis, and has been widely used in search engines, data mining, medicine analysis and many other fields. In this paper the improved Page Rank algorithm will be introduced into the short system-call sequences anomaly detection. There are four core steps to fulfill. Firstly, use a fixing length sliding window to split the target program system call sequences to create a short sequence pattern library. Then, use a pattern library to create a system call graph. Thirdly, use improved Page Rank algorithm to compute the weights between adjacent two nodes. Finally, the Hamming distance with the Page Rank weight to evaluate anomaly degree of different system calls. From the experiments, it shows that the Page Rank based anomaly detection is more stable than classical STIDE detection method.