IEEE Intelligent Systems
An Apriori-Based Algorithm for Mining Frequent Substructures from Graph Data
PKDD '00 Proceedings of the 4th European Conference on Principles of Data Mining and Knowledge Discovery
Structure induction by lossless graph compression
DCC '07 Proceedings of the 2007 Data Compression Conference
Mining graph patterns efficiently via randomized summaries
Proceedings of the VLDB Endowment
Compression of Graphical Structures: Fundamental Limits, Algorithms, and Experiments
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
Targeted cyber-attacks present significant threat to modern computing systems. Modern industrial control systems (SCADA) or military networks are example of high value targets with potentially severe implications in case of successful attack. Anomaly detection can provide solution to targeted attacks as attack is likely to introduce some distortion to observable system activity. Most of the anomaly detection has been done on the level of sequences of system calls and is known to have problems with high false alarm rates. In this paper, we show that better results can be obtained by performing behavioral analysis on higher semantic level. We observe that many critical computer systems serve a specific purpose and are expected to run strictly limited sets of software. We model this behavior by creating customized normalcy profile of this system and evaluate how well does anomaly based detection work in this scenario.