Computer Science and Information Engineering, World Congress on (2009)
Los Angeles, California USA
Mar. 31, 2009 to Apr. 2, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSIE.2009.817
Distance metric is critical to the performance of intrusion detection systems. Frequency weighted Hamming distance(FWHD) fully exploits system call distribution information contained in normal traces, and possesses richer information compared to Hamming distance. Our experiments show that FWHD behaves better than Hamming distance when used for system call anomaly detection.
Y. Wu and J. Jiang, "Frequency Weighted Hamming Distance for System Call Anomaly Detection," 2009 WRI World Congress on Computer Science and Information Engineering, CSIE(CSIE), Los Angeles, CA, 2009, pp. 105-109.