Native API Based Windows Anomaly Intrusion Detection Method Using SVM

S
SUTC
2006
IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06)
Abstract - Native API Based Windows Anomaly Intrusion Detection Method Using SVM

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Miao Wang Articles by Cheng Zhang Articles by Jingjing Yu

IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06)

Taichung, Taiwan

June 05-June 07

ISBN: 0-7695-2553-9

	ASCII Text	x
	Miao Wang, Cheng Zhang, Jingjing Yu, "Native API Based Windows Anomaly Intrusion Detection Method Using SVM," Sensor Networks, Ubiquitous, and Trustworthy Computing, International Conference on, vol. 1, pp. 514-519, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06), 2006.

	BibTex	x
	@article{ 10.1109/SUTC.2006.95, author = {Miao Wang and Cheng Zhang and Jingjing Yu}, title = {Native API Based Windows Anomaly Intrusion Detection Method Using SVM}, journal ={Sensor Networks, Ubiquitous, and Trustworthy Computing, International Conference on}, volume = {1}, year = {2006}, isbn = {0-7695-2553-9}, pages = {514-519}, doi = {http://doi.ieeecomputersociety.org/10.1109/SUTC.2006.95}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Sensor Networks, Ubiquitous, and Trustworthy Computing, International Conference on TI - Native API Based Windows Anomaly Intrusion Detection Method Using SVM SN - 0-7695-2553-9 SP514 EP519 A1 - Miao Wang, A1 - Cheng Zhang, A1 - Jingjing Yu, PY - 2006 KW - null VL - 1 JA - Sensor Networks, Ubiquitous, and Trustworthy Computing, International Conference on ER -

Miao Wang, Xi?an Jiaotong University, China

Cheng Zhang, Xi?an Jiaotong University, China

Jingjing Yu, Shaanxi Normal University, China

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SUTC.2006.95

While many researches of Host Anomaly Detection System using system calls under UNIX/UNIX-like systems have been done but little in Windows systems, we do the similar research under Windows platforms via tracing the sequences of Windows Native APIs which are considered as the Windows system calls. In this article, we first introduce Native API briefly and then divide the captured sequences with slide window method to establish normal pattern database. Then Support Vector Machine Method is used for anomaly detection due to its advantages in small-scale dataset and generalization capability. The main purpose of this paper is to prove that Windows Native APIs are plausibly possible data source for Host Anomaly Detection System under Windows platforms.

Citation:

Miao Wang, Cheng Zhang, Jingjing Yu, "Native API Based Windows Anomaly Intrusion Detection Method Using SVM," sutc, vol. 1, pp.514-519, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing -Vol 1 (SUTC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.