Process Profiling Using Frequencies of System Calls

Authors:
Surekha Mariam Varghese;K. Poulose Jacob
Affiliations:
M.A. College of Engineering Kothamangalam, India;Cochin University of Science and Technology, Kochi, India
Venue:
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Year:
2007

Citing 0
Cited 2

A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference

Journal of Network and Computer Applications
A multi-core security architecture based on EFI

OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we discuss our research in developing general and systematic method for anomaly detection. The key ideas are to represent normal program behaviour using system call frequencies and to incorporate probabilistic techniques for classification to detect anomalies and intrusions. Using experiments on the sendmail system call data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of the approach that we have implemented.