Detecting motifs in system call sequences

Authors:
William O. Wilson;Jan Feyereisl;Uwe Aickelin
Affiliations:
School of Computer Science, The University of Nottingham, UK;School of Computer Science, The University of Nottingham, UK;School of Computer Science, The University of Nottingham, UK
Venue:
WISA'07 Proceedings of the 8th international conference on Information security applications
Year:
2007

Citing 10
Cited 3

Fast subsequence matching in time-series databases

SIGMOD '94 Proceedings of the 1994 ACM SIGMOD international conference on Management of data
On Preventing Intrusions by Process Behavior Monitoring

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Probabilistic discovery of time series motifs

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
MORPHEUS: motif oriented representations to purge hostile events from unlabeled sequences

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
The application of antigenic search techniques to time series forecasting

GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Visualizing and discovering non-trivial patterns in large time series databases

Information Visualization
Discover motifs in multi-dimensional time-series using the principal component analysis and the MDL principle

MLDM'03 Proceedings of the 3rd international conference on Machine learning and data mining in pattern recognition
Motif detection inspired by immune memory

ICARIS'07 Proceedings of the 6th international conference on Artificial immune systems
Learning and optimization using the clonal selection principle

IEEE Transactions on Evolutionary Computation

On leveraging stochastic models for remote attestation

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
A sense of others: behavioral attestation of UNIX processes on remote platforms

Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Realization of dynamic behavior using remotely verifiable n-call slides in Unix process execution trace

Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication

Quantified Score

Hi-index	0.00

Visualization

Abstract

The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the motif tracking algorithm is applied to the search for patterns within sequences of low level system calls between the Linux kernel and the operating system's user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher level system call language for measuring similarity between patterns of such calls is also suggested.