Name
Abstract | ||
|---|---|---|
We propose a syscall-based anomaly detection system that incorporates both deterministic and stochastic models. We analyze in detail two alternative approaches for anomaly detection over system call sequences and arguments, and propose a number of modifications that significantly improve their performance. We begin by comparing them and analyzing their respective performance in terms of detection accuracy. Then, we outline their major shortcomings, and propose various changes in the models that can address them: we show how targeted modifications of their anomaly models, as opposed to the redesign of the global system, can noticeably improve the overall detection accuracy. Finally, the impact of these modifications are discussed by comparing the performance of the two original implementations with two modified versions complemented with our models. |
Year | DOI | Venue |
|---|---|---|
2009 | 10.1007/978-3-642-02918-9_13 | DIMVA |
Keywords | Field | DocType |
anomaly detection,syscall-based anomaly detection system,overall detection accuracy,detection accuracy,major shortcoming,system call sequence,global system,alternative approach,respective performance,anomaly model,improving system call models,stochastic models,self organizing map,stochastic model | Anomaly detection,Data mining,Computer science,Global system,Implementation,Self-organizing map,System call,Stochastic modelling,Artificial intelligence,Machine learning | Conference |
Volume | ISSN | Citations |
5587 | 0302-9743 | 11 |
PageRank | References | Authors |
0.64 | 24 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Alessandro Frossi | 1 | 37 | 2.53 |
| Federico Maggi | 2 | 524 | 37.68 |
| Gian Luigi Rizzo | 3 | 11 | 0.64 |
| Stefano Zanero | 4 | 736 | 53.78 |