Time series: theory and methods
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Communications of the ACM
Anomaly detection: a soft computing approach
NSPW '94 Proceedings of the 1994 workshop on New security paradigms
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Automated discovery of concise predictive rules for intrusion detection
Journal of Systems and Software
Intrusion Detection via System Call Traces
IEEE Software
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Intrusion Detection Applying Machine Learning to Solaris Audit Data
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Markov Chains, Classifiers, and Intrusion Detection
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
An new intrusion detection method based on linear prediction
InfoSecu '04 Proceedings of the 3rd international conference on Information security
Proactive anomaly detection using distributed intelligent agents
IEEE Network: The Magazine of Global Internetworking
An intrusion detection method based on system call temporal serial analysis
ICIC'07 Proceedings of the intelligent computing 3rd international conference on Advanced intelligent computing theories and applications
Intrusion detection has emerged as an important approach to network security. A new method for anomaly intrusion detection is proposed, based on linear prediction and a Markov chain model. Linear prediction is used to extract features from the system call sequences of privileged processes, and the Markov chain model is built on those features. The observed behavior of the system is analyzed to infer the probability that the Markov chain model of the norm profile supports the observed behavior. A low probability of support indicates anomalous behavior that may result from intrusive activities. Markov information source entropy (MISE) and conditional entropy (CE) are used to select parameters. The merits of the model are that it is simple and predicts accurately. The experiments show that the method is effective and efficient, and that it can be used in practice to monitor a computer system in real time.