
Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4681)

Included in the following conference series: ICIC 2007 (International Conference on Intelligent Computing)

Abstract

System call sequences are a useful criterion for judging the behavior of processes. Designing an efficient matching algorithm and building a system that can actually be implemented are two of the hardest problems. In this paper, we explore extending consecutive system call sequences with temporal signatures in a host-based intrusion detection system (HIDS). The model takes the system call sequences detected in real time, together with the time intervals between consecutive calls, as its data source, and uses temporal signatures to filter the real model. During monitoring, data mining methods analyze the source dynamically, and an incremental learning mechanism is applied. Through learning from small samples and incremental updates, the system retains good detection ability even when the sample size is small. This paper also introduces the key technologies for building such a system and verifies the detection method in a real-time environment. Finally, experimental results are given to verify the availability and efficiency of our system.
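The abstract only sketches the idea: a model of consecutive system calls, each sequence annotated with the time intervals observed between calls, updated incrementally as monitoring proceeds. The following Python program is an added illustration of that idea, not code from the paper (the paper's actual algorithm, features and thresholds are not given on this page). It builds a sliding-window (n-gram) model of system call names in which every n-gram also carries a temporal signature, here the range of window durations seen in training, and folds new traces in incrementally. The trace format, the window length, the tolerance values and all sample traces are assumptions constructed for the example.

```python
"""Sliding-window system call model extended with inter-call timing.

Added illustration, not the paper's own code: a Forrest-style n-gram model of
consecutive system calls in which each n-gram also carries a "temporal
signature", here the range of window durations (first call to last call)
seen during training. A window is flagged when its call sequence was never
seen, or when its duration falls outside the learned range plus a tolerance.
Traces judged normal are folded in incrementally. The trace format, the
tolerances and every sample trace below are assumptions made for this example.
"""
from typing import Dict, Iterator, List, Tuple

Event = Tuple[float, str]   # (timestamp in seconds, syscall name)
Window = Tuple[str, ...]    # n consecutive syscall names


def parse_trace(text: str) -> List[Event]:
    """Parse constructed 'timestamp syscall' lines, one event per line."""
    events: List[Event] = []
    for line in text.strip().splitlines():
        ts, name = line.split(None, 1)
        events.append((float(ts), name.strip()))
    return events


class TemporalSyscallModel:
    def __init__(self, n: int = 3, rel_tol: float = 0.5, abs_tol: float = 0.001):
        self.n = n
        self.rel_tol = rel_tol  # relative slack around the learned duration range
        self.abs_tol = abs_tol  # absolute slack so a learned range of 0s is not brittle
        # n-gram -> (shortest, longest) window duration seen in training
        self.signatures: Dict[Window, Tuple[float, float]] = {}

    def _windows(self, trace: List[Event]) -> Iterator[Tuple[Window, float]]:
        """Slide a window of n calls over the trace, yielding names and duration."""
        for i in range(len(trace) - self.n + 1):
            chunk = trace[i:i + self.n]
            names = tuple(name for _, name in chunk)
            yield names, chunk[-1][0] - chunk[0][0]

    def learn(self, trace: List[Event]) -> int:
        """Fold a trace believed normal into the model (incremental learning).
        Returns the number of previously unseen n-grams added."""
        added = 0
        for names, duration in self._windows(trace):
            if names in self.signatures:
                lo, hi = self.signatures[names]
                self.signatures[names] = (min(lo, duration), max(hi, duration))
            else:
                self.signatures[names] = (duration, duration)
                added += 1
        return added

    def score(self, trace: List[Event]) -> Tuple[int, int, List[str]]:
        """Return (sequence mismatches, timing mismatches, findings) for a trace."""
        seq_miss = time_miss = 0
        findings: List[str] = []
        for idx, (names, duration) in enumerate(self._windows(trace)):
            label = "->".join(names)
            sig = self.signatures.get(names)
            if sig is None:
                seq_miss += 1
                findings.append(f"window {idx}: unseen sequence {label}")
                continue
            lo, hi = sig
            lower = lo * (1.0 - self.rel_tol) - self.abs_tol
            upper = hi * (1.0 + self.rel_tol) + self.abs_tol
            if not lower <= duration <= upper:
                time_miss += 1
                findings.append(f"window {idx}: {label} took {duration:.3f}s, "
                                f"learned range [{lo:.3f}, {hi:.3f}]s")
        return seq_miss, time_miss, findings


# Constructed traces of a toy request loop: accept -> read -> write -> close.
NORMAL_TRACES = [
    "0.000 accept\n0.001 read\n0.003 write\n0.004 close\n"
    "0.010 accept\n0.011 read\n0.013 write\n0.014 close\n",
    "0.000 accept\n0.002 read\n0.003 write\n0.005 close\n"
    "0.012 accept\n0.013 read\n0.016 write\n0.017 close\n",
]
# Constructed attack trace: a new call appears, so the sequence model fires.
UNSEEN_SEQUENCE = "0.000 accept\n0.001 read\n0.002 execve\n0.003 write\n0.004 close\n"
# Constructed attack trace: the same calls as normal, but with a long pause
# between read and write; only the temporal signature catches this one.
SLOW_SEQUENCE = "0.000 accept\n0.001 read\n5.000 write\n5.001 close\n"


def build_model() -> TemporalSyscallModel:
    model = TemporalSyscallModel(n=3)
    for text in NORMAL_TRACES:
        model.learn(parse_trace(text))
    return model


if __name__ == "__main__":
    m = build_model()
    for name, text in [("normal", NORMAL_TRACES[0]),
                       ("unseen sequence", UNSEEN_SEQUENCE),
                       ("slow sequence", SLOW_SEQUENCE)]:
        seq, tim, notes = m.score(parse_trace(text))
        print(f"{name}: {seq} sequence / {tim} timing mismatches")
        for note in notes:
            print("  " + note)
```

The second attack trace is the case the abstract's temporal extension is for: its call sequence is identical to normal traffic, so a pure sequence model is silent, and only the interval between `read` and `write` gives it away. Two caveats for anyone building this for real: intervals are noisy under load, so a tolerance this tight will produce false positives on a busy host, and incremental learning is only as safe as the triage behind it, since folding an attacker's trace into the model (the last step in the program, done deliberately) teaches the detector to accept it.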

The work was supported by the Hi-Tech Research and Development Program of China under Grant No.2006AA01Z441.


Editor information

De-Shuang Huang, Laurent Heutte, Marco Loog

Copyright information

© 2007 Springer Berlin Heidelberg

Cite this paper

Pu, S., Lang, B. (2007). An Intrusion Detection Method Based on System Call Temporal Serial Analysis. In: Huang, DS., Heutte, L., Loog, M. (eds) Advanced Intelligent Computing Theories and Applications. With Aspects of Theoretical and Methodological Issues. ICIC 2007. Lecture Notes in Computer Science, vol 4681. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74171-8_65

  • DOI: https://doi.org/10.1007/978-3-540-74171-8_65

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74170-1

  • Online ISBN: 978-3-540-74171-8

  • eBook Packages: Computer Science (R0)
