TY - GEN
T1 - Detecting intrusions using system calls
T2 - 1999 IEEE Symposium on Security and Privacy
AU - Warrender, Christina
AU - Forrest, Stephanie
AU - Pearlmutter, Barak
N1 - Publisher Copyright:
© 1999 IEEE.
PY - 1999
Y1 - 1999
N2 - Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable: sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: simple enumeration of observed sequences; comparison of relative frequencies of different sequences; a rule induction technique; and hidden Markov models (HMMs). We discuss the factors affecting the performance of each method and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.
AB - Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable: sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: simple enumeration of observed sequences; comparison of relative frequencies of different sequences; a rule induction technique; and hidden Markov models (HMMs). We discuss the factors affecting the performance of each method and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.
UR - http://www.scopus.com/inward/record.url?scp=84880174811&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84880174811&partnerID=8YFLogxK
U2 - 10.1109/SECPRI.1999.766910
DO - 10.1109/SECPRI.1999.766910
M3 - Conference contribution
AN - SCOPUS:84880174811
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 133
EP - 145
BT - Proceedings of the 1999 IEEE Symposium on Security and Privacy
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 May 1999 through 12 May 1999
ER -