Information Sciences: an International Journal
Intrusion detection, especially anomaly detection, requires sufficient security background knowledge. It is therefore important to be able to recognize anomalous system behavior when domain knowledge is limited. In this paper, the general methods for system call anomaly detection are summarized, and the use of hidden Markov models (HMMs) for anomaly detection is discussed in depth in terms of detection theory, system framework, and detection methods. Moreover, drawing on experiments, the paper analyzes in detail the detection efficiency and real-time performance of HMMs with all-states transition and with part-states transition.