Sequential Frequency Vector Based System Call Anomaly Detection

2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing Pub Date : 2010-12-13 DOI:10.1109/PRDC.2010.26
Ying Wu, Jianhui Jiang, L. Kong
{"title":"Sequential Frequency Vector Based System Call Anomaly Detection","authors":"Ying Wu, Jianhui Jiang, L. Kong","doi":"10.1109/PRDC.2010.26","DOIUrl":null,"url":null,"abstract":"Although either of temporal ordering and frequency distribution information embedded in process traces can profile normal process behaviors, but none of ever published schemes uses both of them to detect system call anomaly. This paper claims combining those two kinds of useful information can improve detection performance and firstly proposes sequential frequency vector (SFV) to exploit both temporal ordering and frequency information for system call anomaly detection. Extensive experiments on DARPA-1998 and UNM dataset have substantiated the claim. It is shown that SFV contains richer information and significantly outperforms other techniques in achieving lower false positive rates at 100% detection rate.","PeriodicalId":382974,"journal":{"name":"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2010.26","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

Although either of temporal ordering and frequency distribution information embedded in process traces can profile normal process behaviors, but none of ever published schemes uses both of them to detect system call anomaly. This paper claims combining those two kinds of useful information can improve detection performance and firstly proposes sequential frequency vector (SFV) to exploit both temporal ordering and frequency information for system call anomaly detection. Extensive experiments on DARPA-1998 and UNM dataset have substantiated the claim. It is shown that SFV contains richer information and significantly outperforms other techniques in achieving lower false positive rates at 100% detection rate.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于顺序频率矢量的系统调用异常检测
虽然进程跟踪中嵌入的时间顺序和频率分布信息中的任何一个都可以分析正常的进程行为,但是没有一个已发布的方案同时使用它们来检测系统调用异常。本文认为将这两种有用信息结合起来可以提高系统调用异常检测的性能,并首次提出了时序频率矢量(SFV)来同时利用时序和频率信息进行系统调用异常检测。在DARPA-1998和UNM数据集上的大量实验证实了这一说法。结果表明,SFV包含更丰富的信息,并且在100%的检测率下实现更低的假阳性率方面明显优于其他技术。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing
2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing
自引率
0.00%
发文量
0
期刊最新文献
A Safe Measurement-Based Worst-Case Execution Time Estimation Using Automatic Test-Data Generation An Improved Knowledge Connectivity Condition for Fault-Tolerant Consensus with Unknown Participants On the Reliability of Cascaded TMR Systems A Learning-Based Approach to Secure Web Services from SQL/XPath Injection Attacks Address Remapping for Static NUCA in NoC-Based Degradable Chip-Multiprocessors
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1