An Intrusion Detection Model Based on the Maximum Likelihood Short System Call Sequence

Jia, Chunfu; Zhong, Anming

doi:10.1007/978-3-540-37258-5_80

Chunfu Jia^3,4 &
Anming Zhong³

Part of the book series: Lecture Notes in Control and Information Sciences ((LNCIS,volume 345))

67 Accesses

Abstract

The problem of intrusion detection based on sequences of system calls is studied. Using Markov model to describe the transition rule of system calls of a process, an intrusion detection model based on the maximum likelihood short system call sequence is proposed. During the training phase, the Viterbi algorithm is used to obtain the maximum likelihood short system call sequence, which forms the normal profile database of a process, during the detecting phase, the system call sequence generated by a process is compared with the maximum likelihood sequence in its normal profile database to detect the intrusions. Experiments reveal good detection performance and quick computation speed of this model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Forrest, S., Hofmeyr, S.A., Longstaff, T.A.: A Sense of Self for UNIX Processes. Proc. IEEE Symposium on Security and Privacy, Los Alamitos, CA. (1996) 120–128
Google Scholar
Kosoresow, A.P., Hofmeyr, S.A.: Intrusion Detection via System Call Traces. IEEE Software. 11 (1997) 35–42
Article Google Scholar
Denning, D.: An Intrusion Detection Model. IEEE Transactions on Software Engineering. 13 (1981) 118–132
Google Scholar
Ye, N., Li, X., Chen, Q.: Probabilistic Techniques for Intrusion Detection Based on Computer Audit Data. IEEE Transaction on System, Man, and Cybernetics-Part A: Systems and Humans. 31 (2001) 266–274
Article Google Scholar
Zhong, A.M., Jia, C.F.: Study on the Applications of Hidden Markov Model to Computer Intrusion Detections. Proc. of the 5^th WCICA, Hangzhou, China. (2004) 4352–4356
Google Scholar
Schonlau, M., Du, M.W., Ju, W.H.: Computer Intrusion: Detecting Masquerades. Statistical Science. 16 (2001) 1–17
MATH MathSciNet Google Scholar

Download references

Author information

Authors and Affiliations

College of Information Technology and Science, Nankai University, Tianjin, 300071
Chunfu Jia & Anming Zhong
College of Information Science and Technology, University of Sciences and Technology of China, Hefei, 230026, China
Chunfu Jia

Authors

Chunfu Jia
View author publications
You can also search for this author in PubMed Google Scholar
Anming Zhong
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Institute of Intelligent Machines, Chinese Academy of Sciences, Hefei, Anhui, China
De-Shuang Huang
Queen’s University, Belfast, UK
Kang Li & George William Irwin &

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Jia, C., Zhong, A. (2006). An Intrusion Detection Model Based on the Maximum Likelihood Short System Call Sequence. In: Huang, DS., Li, K., Irwin, G.W. (eds) Intelligent Computing in Signal Processing and Pattern Recognition. Lecture Notes in Control and Information Sciences, vol 345. Springer, Berlin, Heidelberg . https://doi.org/10.1007/978-3-540-37258-5_80

Download citation

DOI: https://doi.org/10.1007/978-3-540-37258-5_80
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37257-8
Online ISBN: 978-3-540-37258-5
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics