Detecting Intrusions through System Call Sequence and Argument Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Federico Maggi Articles by Matteo Matteucci Articles by Stefano Zanero

PrePrint

ISSN: 1545-5971

	ASCII Text	x
	Federico Maggi, Matteo Matteucci, Stefano Zanero, "Detecting Intrusions through System Call Sequence and Argument Analysis," IEEE Transactions on Dependable and Secure Computing, vol. 99, no. 1, pp. , , 5555.

	BibTex	x
	@article{ 10.1109/TDSC.2008.69, author = {Federico Maggi and Matteo Matteucci and Stefano Zanero}, title = {Detecting Intrusions through System Call Sequence and Argument Analysis}, journal ={IEEE Transactions on Dependable and Secure Computing}, volume = {99}, number = {1}, issn = {1545-5971}, year = {5555}, doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.69}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Dependable and Secure Computing TI - Detecting Intrusions through System Call Sequence and Argument Analysis IS - 1 SN - 1545-5971 SP EP EPD - A1 - Federico Maggi, A1 - Matteo Matteucci, A1 - Stefano Zanero, PY - 5555 KW - Network-level security and protection KW - Security KW - Invasive software (viruses KW - worms KW - Trojan horses) KW - Unauthorized access (hacking KW - phreaking) KW - Security VL - 99 JA - IEEE Transactions on Dependable and Secure Computing ER -

Federico Maggi, Politecnico di Milano, Milano

Matteo Matteucci, Politecnico di Milano, Milano

Stefano Zanero, Politecnico di Milano, Milano

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.69

We describe an unsupervised host-based intrusion detection system based on system calls arguments and sequences. We define a set of anomaly detection models for the individual parameters of the call. We then describe a clustering process which helps to better fit models to system call arguments, and creates inter-relations among different arguments of a system call. Finally, we add a behavioral Markov model in order to capture time correlations and abnormal behaviors. The whole system needs no prior knowledge input; it has a good signal to noise ratio, and it is also able to correctly contextualize alarms, giving the user more information to understand whether a true or false positive happened, and to detect global variations over the entire execution flow, as opposed to punctual ones over individual instances.

Index Terms:

Network-level security and protection, Security, Invasive software (viruses, worms, Trojan horses), Unauthorized access (hacking, phreaking), Security

Citation:

Federico Maggi, Matteo Matteucci, Stefano Zanero, "Detecting Intrusions through System Call Sequence and Argument Analysis," IEEE Transactions on Dependable and Secure Computing, 05 Nov. 2008. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.69>

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.