System call sequences are useful criteria for judging the behaviour of processes. Generating an efficient matching algorithm and building an implementable system are two of the most difficult problems. In this paper, we explore the possibility of extending consecutive system call sequences with temporal signatures for a host-based intrusion detection system. In this model, the system call sequences detected in real time, together with the time intervals between consecutive calls, serve as the data source, and temporal signatures are used to filter the real model. During monitoring, we use data mining methods to analyse the source dynamically and implement an incremental learning mechanism. By studying small samples and learning incrementally, the system's detection ability remains good even when the sample size is small. This paper also introduces the key technologies needed to build such a system and verifies the intrusion detection method in a real-time environment. Finally, we present experimental results to verify the availability and efficiency of our system.
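The abstract describes combining consecutive system call sequences with the time intervals between them, and widening the normal profile incrementally as new benign traces arrive. The following is an added illustration of that idea, not code from the paper: it keeps, for every n-gram of consecutive syscalls, the minimum and maximum inter-call gap seen during training, flags a window whose n-gram is unseen or whose gaps fall outside a tolerance band, and lets an operator feed a newly confirmed-benign trace back in. The syscall names, timestamps, the n-gram length, the slack factor and the traces are all constructed for the example.

```python
"""Toy temporal-signature syscall anomaly detector (constructed example, not the paper's code)."""
from typing import Dict, List, Tuple

Event = Tuple[str, float]  # (syscall name, timestamp in seconds) -- constructed trace format


class TemporalSignatureProfile:
    """Normal profile for one process type: each n-gram of consecutive syscalls maps to
    the [min, max] inter-call gap observed at each of its n-1 gap positions."""

    def __init__(self, n: int = 3, slack: float = 2.0):
        self.n = n
        self.slack = slack  # tolerance: a gap may exceed the learned max by this factor
        self.signatures: Dict[Tuple[str, ...], List[List[float]]] = {}
        self.samples = 0  # number of benign traces learned so far

    def _windows(self, trace: List[Event]):
        """Slide an n-event window over the trace, yielding (names, gaps)."""
        for i in range(len(trace) - self.n + 1):
            win = trace[i:i + self.n]
            names = tuple(name for name, _ in win)
            gaps = [win[j + 1][1] - win[j][1] for j in range(self.n - 1)]
            yield names, gaps

    def learn(self, trace: List[Event]) -> None:
        """Incremental learning: widen the per-position gap bounds with each benign trace."""
        for names, gaps in self._windows(trace):
            bounds = self.signatures.get(names)
            if bounds is None:
                self.signatures[names] = [[g, g] for g in gaps]
            else:
                for pos, g in enumerate(gaps):
                    bounds[pos][0] = min(bounds[pos][0], g)
                    bounds[pos][1] = max(bounds[pos][1], g)
        self.samples += 1

    def score(self, trace: List[Event]) -> Tuple[float, List[Tuple[Tuple[str, ...], str]]]:
        """Return (anomalous-window ratio, list of (n-gram, reason)).
        A window is anomalous if its n-gram was never seen, or if any gap lies outside
        [min / slack, max * slack] for that gap position."""
        total = 0
        flagged: List[Tuple[Tuple[str, ...], str]] = []
        for names, gaps in self._windows(trace):
            total += 1
            bounds = self.signatures.get(names)
            if bounds is None:
                flagged.append((names, "unseen sequence"))
                continue
            for pos, g in enumerate(gaps):
                lo, hi = bounds[pos]
                if g > hi * self.slack + 1e-9 or g < lo / self.slack - 1e-9:
                    flagged.append((names, f"gap {pos} = {g:.3f}s outside [{lo:.3f}, {hi:.3f}]"))
                    break
        ratio = len(flagged) / total if total else 0.0
        return ratio, flagged


def make_trace(names: List[str], gaps: List[float], start: float = 0.0) -> List[Event]:
    """Build a timestamped trace from syscall names and the gaps between them (constructed)."""
    t = start
    trace = [(names[0], t)]
    for name, g in zip(names[1:], gaps):
        t += g
        trace.append((name, t))
    return trace


# Constructed benign traces for a hypothetical file-serving loop.
NORMAL_SEQ = ["open", "read", "write", "close", "open", "read", "write", "close"]
NORMAL_TRACES = [
    make_trace(NORMAL_SEQ, [0.010, 0.012, 0.011, 0.020, 0.010, 0.012, 0.011]),
    make_trace(NORMAL_SEQ, [0.009, 0.013, 0.010, 0.022, 0.011, 0.014, 0.012]),
    make_trace(NORMAL_SEQ, [0.011, 0.011, 0.012, 0.019, 0.012, 0.011, 0.010]),
]
# Same syscall order but a 5 s stall after read: only the temporal signature catches it.
SLOW_TRACE = make_trace(NORMAL_SEQ, [0.010, 5.000, 0.011, 0.020, 0.010, 0.012, 0.011])
# An execve that never appears in training: the sequence signature catches it.
EXEC_TRACE = make_trace(["open", "read", "execve", "write", "close"], [0.010, 0.012, 0.011, 0.020])


def build_profile(n: int = 3, slack: float = 2.0) -> TemporalSignatureProfile:
    """Train a profile on the constructed benign traces."""
    profile = TemporalSignatureProfile(n, slack)
    for trace in NORMAL_TRACES:
        profile.learn(trace)
    return profile


if __name__ == "__main__":
    profile = build_profile()
    for label, trace in [("normal", NORMAL_TRACES[0]), ("slow", SLOW_TRACE), ("exec", EXEC_TRACE)]:
        ratio, reasons = profile.score(trace)
        print(f"{label}: anomalous ratio {ratio:.2f}, {len(reasons)} flagged windows")
    # Incremental learning: once the slow trace is confirmed benign, it stops alerting.
    profile.learn(SLOW_TRACE)
    print("slow after learning:", profile.score(SLOW_TRACE)[0])
```

The two anomaly kinds are deliberately separated: the stalled trace has a syscall order identical to training data and would pass a pure sequence matcher, while the `execve` trace fails on the sequence alone. The min/max bounds are a deliberately small-sample-friendly choice; a mean-and-deviation band would need more traces before it stabilises.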