2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing
Sequential Frequency Vector Based System Call Anomaly Detection
Tokyo, Japan
December 13-December 15
ISBN: 978-0-7695-4289-8
Citation (ASCII text):
Ying Wu, Jianhui Jiang, Liangliang Kong, "Sequential Frequency Vector Based System Call Anomaly Detection," 2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing (PRDC), IEEE Computer Society, pp. 215-222, 2010.

Citation (BibTeX):
@inproceedings{10.1109/PRDC.2010.26,
  author    = {Ying Wu and Jianhui Jiang and Liangliang Kong},
  title     = {Sequential Frequency Vector Based System Call Anomaly Detection},
  booktitle = {2010 IEEE 16th Pacific Rim International Symposium on Dependable Computing (PRDC)},
  year      = {2010},
  isbn      = {978-0-7695-4289-8},
  pages     = {215-222},
  doi       = {10.1109/PRDC.2010.26},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
}

Citation (RefWorks / ProCite / RefMan / EndNote, RIS):
TY  - CONF
JO  - Pacific Rim International Symposium on Dependable Computing, IEEE
TI  - Sequential Frequency Vector Based System Call Anomaly Detection
SN  - 978-0-7695-4289-8
SP  - 215
EP  - 222
A1  - Ying Wu
A1  - Jianhui Jiang
A1  - Liangliang Kong
PY  - 2010
KW  - intrusion detection
KW  - system call
KW  - sequential frequency vector
KW  - enumerating model
KW  - KNN scheme
ER  -
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PRDC.2010.26
Abstract:
Although either the temporal ordering or the frequency distribution of system calls in a process trace can be used to profile normal process behavior, no previously published scheme uses both to detect system call anomalies. This paper claims that combining these two kinds of information improves detection performance, and it is the first to propose the sequential frequency vector (SFV), a representation that exploits both temporal ordering and frequency information for system call anomaly detection. Extensive experiments on the DARPA-1998 and UNM datasets substantiate the claim: SFV carries richer information than either source alone and significantly outperforms other techniques, achieving lower false positive rates at a 100% detection rate.
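As an added illustration, and not the authors' code or necessarily the paper's exact SFV definition, the Python sketch below shows one way to give a trace a single feature vector that carries both kinds of information (per-call frequencies plus counts of adjacent call pairs, i.e. 2-grams), to enumerate the 2-grams seen in clean traces as the normal model, and to score a new trace by a nearest-neighbour distance to the normal profiles plus the share of its 2-grams that were never enumerated. The traces, the feature map, the combined score and the leave-one-out threshold are all assumptions made for this example; the sample traces are constructed and are not taken from the DARPA-1998 or UNM datasets.

```python
"""Toy SFV-style system call anomaly detector (illustrative, not the paper's code)."""
from collections import Counter
from math import sqrt

# Constructed sample traces of system call names (not real dataset records).
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "read", "read", "read", "write", "close"],
    ["open", "stat", "read", "write", "close"],
    ["open", "read", "write", "close", "open", "read", "close"],
]
# A benign trace not in the training set, and a trace that spawns a process and
# opens a network socket mid-file-handling (both constructed for the example).
NOVEL_NORMAL_TRACE = ["open", "read", "read", "write", "write", "close"]
ATTACK_TRACE = ["open", "read", "execve", "socket", "connect", "write", "close"]


def kgrams(trace, k):
    """Ordered k-tuples of adjacent calls; this is the temporal-ordering part."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def sfv(trace, k=2):
    """Length-normalised feature map combining call frequencies and k-gram counts."""
    feats = Counter()
    for call in trace:                      # frequency information
        feats[("freq", call)] += 1
    for gram in kgrams(trace, k):           # ordering information
        feats[("seq", gram)] += 1
    n = float(len(trace))
    return {f: c / n for f, c in feats.items()}


def euclid(a, b):
    """Euclidean distance between two sparse feature maps."""
    return sqrt(sum((a.get(f, 0.0) - b.get(f, 0.0)) ** 2 for f in set(a) | set(b)))


class SfvKnnDetector:
    """Enumerated normal k-grams plus a k-nearest-neighbour distance in SFV space."""

    def __init__(self, k=2, neighbors=1):
        self.k = k
        self.neighbors = neighbors
        self.profiles = []          # SFVs of the clean training traces
        self.normal_grams = set()   # enumerating model: every k-gram seen in training
        self.threshold = 0.0

    def _unseen(self, trace, normal_grams):
        grams = kgrams(trace, self.k)
        if not grams:
            return 0.0
        return sum(1 for g in grams if g not in normal_grams) / float(len(grams))

    def _knn(self, trace, profiles):
        dists = sorted(euclid(sfv(trace, self.k), p) for p in profiles)
        m = min(self.neighbors, len(dists))
        return sum(dists[:m]) / m

    def fit(self, traces):
        self.profiles = [sfv(t, self.k) for t in traces]
        self.normal_grams = {g for t in traces for g in kgrams(t, self.k)}
        # Leave-one-out calibration: the threshold is the worst score any clean
        # trace receives when it is held out of the model (an assumed rule).
        loo = []
        for i, t in enumerate(traces):
            others = [p for j, p in enumerate(self.profiles) if j != i]
            grams = {g for j, u in enumerate(traces) if j != i for g in kgrams(u, self.k)}
            loo.append(self._knn(t, others) + self._unseen(t, grams))
        self.threshold = max(loo)
        return self

    def unseen_fraction(self, trace):
        return self._unseen(trace, self.normal_grams)

    def knn_distance(self, trace):
        return self._knn(trace, self.profiles)

    def score(self, trace):
        """Higher means more anomalous: distance to normal plus novelty of ordering."""
        return self.knn_distance(trace) + self.unseen_fraction(trace)

    def is_anomalous(self, trace):
        return self.score(trace) > self.threshold


if __name__ == "__main__":
    det = SfvKnnDetector(k=2, neighbors=1).fit(NORMAL_TRACES)
    for name, trace in [("novel normal", NOVEL_NORMAL_TRACE), ("attack", ATTACK_TRACE)]:
        print(name, round(det.score(trace), 3), "anomalous" if det.is_anomalous(trace) else "normal")
```

The two score terms are deliberately complementary: the k-gram enumeration catches an ordering never seen in normal traces even when the individual calls are familiar, while the frequency part of the vector penalises a trace that uses only known calls and known pairs but in proportions no normal run exhibits. On real traces the window size, the neighbour count and the calibration rule all need tuning against a held-out clean set, since the threshold here is simply the worst leave-one-out score of a tiny training set.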
Index Terms:
intrusion detection, system call, sequential frequency vector, enumerating model, KNN scheme
