Name
Abstract | ||
|---|---|---|
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable-sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: Simple enumeration of observed sequences, comparison of relative frequencies of different sequences, a rule induction technique, and Hidden Markov Models (HMMs). We discuss the factors affecting the performance of each method, and conclude that for this particular problem, weaker methods than HMMs are likely sufficient. |
Year | DOI | Venue |
|---|---|---|
1999 | 10.1109/SECPRI.1999.766910 | PROCEEDINGS OF THE 1999 IEEE SYMPOSIUM ON SECURITY AND PRIVACY |
Keywords | Field | DocType |
data model,intrusion detection systems,packaging,data models,hidden markov models,reactive power,security,knowledge based systems,hidden markov model,safety systems,authorisation,intrusion detection system,intrusion detection,computer science,distributed computing | Kernel (linear algebra),Data modeling,Data set,Pattern recognition,Markov model,Computer science,Knowledge-based systems,Rule induction,Artificial intelligence,Hidden Markov model,Intrusion detection system,Machine learning | Conference |
ISSN | Citations | PageRank |
1081-6011 | 475 | 41.25 |
References | Authors | |
8 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Christina E. Warrender | 1 | 476 | 42.36 |
| Stephanie Forrest | 2 | 6448 | 1102.07 |
| Barak A. Pearlmutter | 3 | 1963 | 567.26 |