Utilizing statistical characteristics of N-grams for intrusion detection

Zhuowei Li, A. Das, Sukumar Nandi
Proceedings. 2003 International Conference on Cyberworlds
Published: 2003-12-03
DOI: 10.1109/CYBER.2003.1253494 (https://doi.org/10.1109/CYBER.2003.1253494)
Citations: 17

Abstract

Information and infrastructure security is a serious issue of global concern. As the last line of defense for security infrastructure, intrusion detection techniques are paid more and more attention. In this paper, one anomaly-based intrusion detection technique (ScanAID: Statistical ChAracteristics of N-grams for Anomaly-based Intrusion Detection) is proposed to detect intrusive behaviors in a computer system. The statistical properties in sequences of system calls are abstracted to model the normal behaviors of a privileged process, in which the model is characterized by a vector of anomaly values of N-grams. With a reasonable definition of efficiency parameter, the length of an N-gram and the size of the training dataset are optimized to get an efficient and compact model. Then, with the optimal modeling parameters, the flexibility and efficiency of the model are evaluated by the ROC curves. Our experimental results show that the proposed statistical anomaly detection technique is promising and deserves further research (such as applying it to network environments).