Detecting Flaws and Intruders with Visual Data Analysis
IEEE Computer Graphics and Applications
MORPHEUS: motif oriented representations to purge hostile events from unlabeled sequences
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Prevention of information attacks by run-time detection of self-replication in computer codes
Journal of Computer Security
A survey of security visualization for computer network logs
Security and Communication Networks
Various approaches have been proposed to discover patterns from system call trails of UNIX processes to better model application behavior. However, these techniques only consider the relationship between system calls (or system audit events). In this paper, we first refine the definition of maximal patterns given in [8] and provide a pattern extraction algorithm to identify such maximal patterns. We then add one additional dimension to the problem domain by also taking into consideration the overlap relationship between patterns. We argue that an execution path of an application is usually not an arbitrary combination of various patterns; rather, the patterns overlap each other in some specific order. Such overlap relationships characterize the normal behavior of the application. Finally, a novel pattern matching module is proposed to detect intrusions based on both intra-pattern and inter-pattern anomalies. We test this idea using the data sets obtained from the University of New Mexico. The experimental results indicate that our scheme detects significantly more anomalies than the scheme presented in [8] while maintaining a very low false alarm rate.
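The three steps the abstract describes (extract maximal patterns from normal traces, record the order in which overlapping patterns follow each other, then flag intra-pattern and inter-pattern anomalies), as an added example that is not the paper's code. The pattern definition (frequent contiguous sub-sequence), the maximality rule (an occurrence not swallowed by a longer frequent pattern) and the successor-order model are simplified assumptions, and the system-call traces are constructed.

```python
from collections import Counter

# Constructed system-call traces standing in for normal runs of one program.
NORMAL_TRACES = [
    ["open", "read", "mmap", "close"],
    ["open", "read", "mmap", "write"],
    ["open", "read", "mmap", "close"],
    ["stat", "read", "mmap", "write"],
    ["stat", "read", "mmap", "write"],
]

def frequent_patterns(traces, min_support, max_len=5):
    """Contiguous sub-sequences of 2..max_len calls seen >= min_support times (assumed definition)."""
    counts = Counter()
    for t in traces:
        for n in range(2, max_len + 1):
            for i in range(len(t) - n + 1):
                counts[tuple(t[i:i + n])] += 1
    return {p for p, c in counts.items() if c >= min_support}

def maximal_occurrences(trace, patterns):
    """(start, pattern) matches in one trace, dropping any match that lies entirely
    inside a match of a longer pattern; partially overlapping matches are kept."""
    occ = [(i, p) for p in patterns for i in range(len(trace) - len(p) + 1)
           if tuple(trace[i:i + len(p)]) == p]
    return sorted((i, p) for i, p in occ
                  if not any(len(q) > len(p) and j <= i and j + len(q) >= i + len(p)
                             for j, q in occ))

def build_model(traces, min_support=2):
    """Maximal patterns: frequent patterns that occur somewhere in the normal traces
    without being swallowed by a longer frequent pattern. The inter-pattern model is
    the set of (pattern, next pattern) orderings observed in the normal traces."""
    freq = frequent_patterns(traces, min_support)
    maximal = {p for t in traces for _, p in maximal_occurrences(t, freq)}
    order = set()
    for t in traces:
        seq = [p for _, p in maximal_occurrences(t, maximal)]
        order.update(zip(seq, seq[1:]))
    return maximal, order

def detect(trace, model):
    """Return (intra, inter): indexes of calls covered by no maximal pattern, and
    start indexes of patterns that follow their predecessor in an unseen order."""
    maximal, order = model
    seq = maximal_occurrences(trace, maximal)
    covered = {k for i, p in seq for k in range(i, i + len(p))}
    intra = [k for k in range(len(trace)) if k not in covered]
    inter = [j for (_, a), (j, b) in zip(seq, seq[1:]) if (a, b) not in order]
    return intra, inter
```

On the constructed data, "open read mmap" and "read mmap write" are both kept as maximal because "open read mmap write" is not frequent, so a normal trace is covered by two overlapping patterns; a trace that repeats "read mmap write" without a preceding "open read mmap" triggers only an inter-pattern anomaly, while an unseen call such as execve triggers only an intra-pattern one.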