Los Angeles, CA
March 31, 2009 to April 2, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSIE.2009.817
Distance metric is critical to the performance of intrusion detection systems. Frequency weighted Hamming distance(FWHD) fully exploits system call distribution information contained in normal traces, and possesses richer information compared to Hamming distance. Our experiments show that FWHD behaves better than Hamming distance when used for system call anomaly detection.
Ying Wu, Jianhui Jiang, "Frequency Weighted Hamming Distance for System Call Anomaly Detection", CSIE, 2009, 2009 WRI World Congress on Computer Science and Information Engineering, CSIE, 2009 WRI World Congress on Computer Science and Information Engineering, CSIE 2009, pp. 105-109, doi:10.1109/CSIE.2009.817