Anomaly Detection Method Based on HMMs Using System Call and Call Stack Information

机译：基于HMM的系统调用和调用栈信息异常检测方法

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Anomaly detection has emerged as an important approach to computer security. In this paper, a new anomaly detection method based on Hidden Markov Models (HMMs) is proposed to detect intrusions. Both system calls and return addresses from the call stack of the program are extracted dynamically to train and test HMMs. The states of the models are associated with the system calls and the observation symbols are associated with the sequences of return addresses from the call stack. Because the states of HMMs are observable, the models can be trained with a simple method which requires less computation time than the classical Baum-Welch method. Experiments show that our method reveals better detection performance than traditional HMMs based approaches.

机译：异常检测已成为计算机安全的重要方法。提出了一种基于隐马尔可夫模型（HMM）的异常检测方法。系统调用和程序调用堆栈中的返回地址都被动态提取以训练和测试HMM。模型的状态与系统调用关联，观察符号与来自调用堆栈的返回地址序列关联。因为HMM的状态是可观察到的，所以可以用一种简单的方法来训练模型，该方法比传统的Baum-Welch方法需要更少的计算时间。实验表明，与传统的基于HMM的方法相比，我们的方法具有更好的检测性能。

著录项

来源
《International Conference on Computational Intelligence and Security(CIS 2005) pt.2; 20051215-19; Xi'an(CN)》|2005年|P.315-321|共7页
会议地点 Xian(CN)
作者
Cheng Zhang; Qinke Peng;
展开▼
作者单位

State Key Laboratory for Manufacturing Systems and School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, China;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;人工智能理论;
关键词

相似文献

外文文献
中文文献
专利

1. A statistical pattern based feature extraction method on system call traces for anomaly detection [J] . Liu Zhen, Japkowicz Nathalie, Wang Ruoyu, Information and software technology . 2020,第Octa期

机译：基于统计模式的系统呼叫迹线对异常检测的特征提取方法
2. Feature representation and selection in malicious code detection methods based on static system calls [J] . Ding Yuxin, Yuan Xuebing, Zhou Di, Computers & Security . 2011,第6a7期

机译：基于静态系统调用的恶意代码检测方法中的特征表示和选择
3. Guarded methods vs. inheritance anomaly: inheritance anomaly solved by nested guarded method calls [J] . Szabolcs Ferenczi ACM SIGPLAN Notices: A Monthly Publication of the Special Interest Group on Programming Languages . 1995,第2期

机译：保护方法与继承异常：通过嵌套的保护方法调用解决了继承异常
4. Anomaly Detection Method Based on HMMs Using System Call and Call Stack Information [C] . Cheng Zhang, Qinke Peng International Conference on Computational Intelligence and Security pt.2 . 2005

机译：基于HMMS使用系统呼叫和呼叫堆栈信息的异常检测方法
5. Anomaly detection system using system calls for Android smartphone system [D] . Amamra, Abdelfattah 2015

机译：使用Android智能手机系统的系统调用的异常检测系统
6. dissectHMMER: a HMMER-based score dissection framework that statistically evaluates fold-critical sequence segments for domain fold similarity [O] . Wing-Cheong Wong, Choon-Kong Yap, Birgit Eisenhaber, 2015

机译：dissectHMMER：基于HMMER的分数解剖框架可统计评估关键折叠序列片段的域折叠相似性
7. Study on HMM Based Anomaly Intrusion Detection Using System Calls [O] . Shang-zhe SHI, Mei-feng SUN 2012

机译：使用系统呼叫的肝化异常入侵检测研究
8. Anomaly-Based Intrusion Detection Systems Utilizing System Call Data. [R] . Skormin, V. A. 2012

机译：基于异常的入侵检测系统利用系统调用数据。

Anomaly Detection Method Based on HMMs Using System Call and Call Stack Information

摘要

著录项

相似文献

相关主题

期刊订阅