Intrusion detection based on system calls and homogeneous Markov chains
Tian Xinguang1,2; Duan Miyi1,2; Sun Chunlai1; Li Wenfa1,2
2008-06-01
Journal: JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS
ISSN: 1004-4132
Volume: 19; Issue: 3; Pages: 598-605
Abstract: A novel method for detecting anomalous program behavior is presented, which is applicable to host-based intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
Keywords: intrusion detection; Markov chain; anomaly detection; system call
Indexed by: SCI
Language: English
WOS research areas: Automation & Control Systems; Engineering; Operations Research & Management Science
WOS categories: Automation & Control Systems; Engineering, Electrical & Electronic; Operations Research & Management Science
WOS accession number: WOS:000257407900027
Publisher: SYSTEMS ENGINEERING & ELECTRONICS, EDITORIAL DEPT
Citation statistics
Times cited: 7 [WOS]
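Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/11119
Collection: Journal Articles of the Institute of Computing Technology, Chinese Academy of Sciences (English)
Corresponding author: Tian Xinguang
Author affiliations:
1. Beijing Jiaotong Univ, Inst Comp Technol, Beijing 100029, Peoples R China
2. Chinese Acad Sci, Inst Comp Technol, Beijing 100080, Peoples R China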
Recommended citation
GB/T 7714: Tian Xinguang, Duan Miyi, Sun Chunlai, et al. Intrusion detection based on system calls and homogeneous Markov chains[J]. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS, 2008, 19(3): 598-605.
APA: Tian Xinguang, Duan Miyi, Sun Chunlai, & Li Wenfa. (2008). Intrusion detection based on system calls and homogeneous Markov chains. JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS, 19(3), 598-605.
MLA: Tian Xinguang, et al. "Intrusion detection based on system calls and homogeneous Markov chains". JOURNAL OF SYSTEMS ENGINEERING AND ELECTRONICS 19.3 (2008): 598-605.