Research on Hidden Markov Model for System Call Anomaly Detection

  • Conference paper
Intelligence and Security Informatics (PAISI 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4430)

Abstract

Intrusion detection, especially anomaly detection, requires sufficient security background knowledge. It is very significant to recognize anomalous system behavior when domain knowledge is poor. In this paper, the general methods for system call anomaly detection are summarized, and the use of the hidden Markov model (HMM) for anomaly detection is discussed in depth in terms of detection theory, system framework and detection methods. Moreover, based on experiments, the detection efficiency and real-time performance of HMMs with all-states transition and part-states transition are analyzed in detail.



Editor information

Christopher C. Yang, Daniel Zeng, Michael Chau, Kuiyu Chang, Qing Yang, Xueqi Cheng, Jue Wang, Fei-Yue Wang, Hsinchun Chen

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Qian, Q., Xin, M. (2007). Research on Hidden Markov Model for System Call Anomaly Detection. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_13

  • DOI: https://doi.org/10.1007/978-3-540-71549-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71548-1

  • Online ISBN: 978-3-540-71549-8

  • eBook Packages: Computer Science, Computer Science (R0)
