MURAL - Maynooth University Research Archive Library



    Detecting intrusions using system calls: alternative data models


    Warrender , Christina and Forrest , Stephanie and Pearlmutter, Barak A. (1999) Detecting intrusions using system calls: alternative data models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 9-12, 1999, Oakland, California.

    [img] Download (175kB)
    Official URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arn...


    Share your research

    Twitter Facebook LinkedIn GooglePlus Email more...



    Add this article to your Mendeley library


    Abstract

    Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable—sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: Simple enumeration of observed sequences, comparison of relative frequencies of different sequences, a rule induction technique, and Hidden Markov Models (HMMs). We discuss the factors affecting the performance of each method, and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.

    Item Type: Conference or Workshop Item (Paper)
    Additional Information: Copyright Notice "©1999 IEEE. Reprinted from Proceedings of the 1999 IEEE Symposium on Security and Privacy. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE." http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=766910&isnumber=16605
    Keywords: Authorisation; Hidden Markov models; Knowledge based systems; Operating system kernels; Safety systems; HMMs; Alternative data models; Data modeling methods; Illegitimate activities; Intrusion detection systems; Legitimate activities; Normal behavior; Observable data; Observed sequences; Operating system kernel; Relative frequencies; Rule induction technique; Simple enumeration; System calls; System-call data sets.
    Academic Unit: Faculty of Science and Engineering > Computer Science
    Item ID: 1418
    Depositing User: Barak Pearlmutter
    Date Deposited: 02 Jun 2009 11:30
    Refereed: Yes
    URI:
    Use Licence: This item is available under a Creative Commons Attribution Non Commercial Share Alike Licence (CC BY-NC-SA). Details of this licence are available here

    Repository Staff Only(login required)

    View Item Item control page

    Downloads

    Downloads per month over past year

    Origin of downloads

    Altmetric
    MURAL - Maynooth University Research Archive Library is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.