Sequence-similarity kernels for SVMs to detect anomalies in system calls

Tian, Shengfeng; Mu, Shaomin; Chao, Yin

doi:10.1016/j.neucom.2006.10.017

Cited by 27 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Neither encoding the sequence into features nor applying an algorithm which is made for sequential information (i.e., CRF) outperforms a simple model (i.e., NB). This is in contrast with studies on intrusion detection, where it was shown advantageous to take into account the structure of system calls, utilizing Conditional Random Fields (CRF) [9] and special kernel functions to measure the similarity of sequences [23]. Structured models in terms of special tree kernel functions outperformed n-gram representations when detecting malicious SQL queries [1].…”

Section: Resultsmentioning

confidence: 84%

Towards Adjusting Mobile Devices to User’s Behaviour

Fricke

Jungermann

Morik

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Mobile devices are a special class of resource-constrained embedded devices. Computing power, memory, the available energy, and network bandwidth are often severely limited. These constrained resources require extensive optimization of a mobile system compared to larger systems. Any needless operation has to be avoided. Timeconsuming operations have to be started early on. For instance, loading files ideally starts before the user wants to access the file. So-called prefetching strategies optimize system's operation. Our goal is to adjust such strategies on the basis of logged system data. Optimization is then achieved by predicting an application's behavior based on facts learned from earlier runs on the same system. In this paper, we analyze system-calls on operating system level and compare two paradigms, namely server-based and device-based learning. The results could be used to optimize the runtime behaviour of mobile devices.

show abstract

Section: Resultsmentioning

confidence: 84%

Towards Adjusting Mobile Devices to User’s Behaviour

Fricke

Jungermann

Morik

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In Wang et al, 20 Swarnkar and Hubballi, 21 and Wang and Stolfo, 22 the sequential IDSs are suggested for the detection of anomalous sequences containing subsections of which their inherent frequency is unexpected. The latest is an IDS known as Rangegram, 23 which effectively produces a Normality model within ordinary sequences of the high-order n-grams with a maximum and minimum range of frequency. In a test sequence, the author analyzed that the n-grams increased from the normal range in case network intrusion.…”

Section: Related Workmentioning

confidence: 99%

“…The sequential IDSs like Tian et al, 23 Michlovskyé t al., 24 and Haddadi 25 analyzed based on the sequences they contain to identify ordinary sequences with much difference. These IDSs use a version of the SSK 26 to implicitly map sequence into a large function space where distances between sequences are equivalent.…”

Section: Related Workmentioning

confidence: 99%

“…These IDSs use a version of the SSK 26 to implicitly map sequence into a large function space where distances between sequences are equivalent. For instance, in a semi-supervised situation, Tian et al 23 applied the SSK along with OCSVM for intrusion detection in computer scheme that is described in abnormal system subsequences. Because of their capacity to combine various base detectors with a view to optimizing the bias-variance trade, anomaly detection ensembles have grown popular in latest years.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Soft-computing-based false alarm reduction for hierarchical data of intrusion detection system

Singh

Krishnamoorthy

Nayyar

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

A false alarm rate of online anomaly-based intrusion detection system is a crucial concern. It is challenging to implement in the real-world scenarios when these anomalies occur sporadically. The existing intrusion detection system has been developed to limit or decrease the false alarm rate. However, the state-of-the-art approaches are attack or algorithm specific, which is not generic. In this article, a soft-computing-based approach has been designed to reduce the false-positive rate for hierarchical data of anomaly-based intrusion detection system. The recurrent neural network model is applied to classify the data set of intrusion detection system and normal instances for various subclasses. The designed approach is more practical, reason being, it does not require any assumption or knowledge of the data set structure. Experimental evaluation is conducted on various attacks on KDDCup’99 and NSL-KDD data sets. The proposed method enhances the intrusion detection systems that can work with data with dependent and independent features. Furthermore, this approach is also beneficial for real-life scenarios with a low occurrence of attacks.

show abstract

“…Support vector machines are difficult to implement large scale training samples. It will consume a lot of memory and computing time [30] .…”

Section: Introductionmentioning

confidence: 99%

Anomaly detection based on a dynamic Markov model

Ren

2017

Information Sciences

View full text Add to dashboard Cite

a b s t r a c tAnomaly detection in sequence data is becoming more and more important in a wide variety of application domains such as credit card fraud detection, health care in medical field, and intrusion detection in cyber security. In the existing anomaly detection approaches, Markov chain techniques are widely accepted for their simple realization and few parameters. However, the short memory property of a classical Markov model ignores the interaction among data, and the long memory property of a higher order Markov model clouds the relationship between the previous data and current test data, and reduces the reliability of the model. Besides, both of these models cannot successfully describe the sequences changing with a tendency. In this paper, we propose an anomaly detection approach based on a dynamic Markov model. This approach segments sequence data by a sliding window. In the sliding window, we define the states of data according to the value of the data and establish a higher order Markov model with a proper order consequently, to balance the length of the memory property and keep up with the trend of sequences. In addition, an anomaly substitution strategy is proposed to prevent the detected anomalies from impacting the building of the models and keep anomaly detection continuously. The experimental results using simulated datasets and real-world datasets have demonstrated that the proposed approach improves the adaptability and stability of anomaly detection in sequence data.

show abstract

Sequence-similarity kernels for SVMs to detect anomalies in system calls

Cited by 27 publications

References 5 publications

Towards Adjusting Mobile Devices to User’s Behaviour

Towards Adjusting Mobile Devices to User’s Behaviour

Soft-computing-based false alarm reduction for hierarchical data of intrusion detection system

Anomaly detection based on a dynamic Markov model

Contact Info

Product

Resources

About