Intrusion Anomaly Detection based on Sequence

doi:10.23940/ijpe.18.02.p11.300309

Abstract

Abstract:

For single event sequences, a new anomaly detection method based on SV-LFSP (Short Variable-Length Frequent Sequence Pattern) is presented in this paper. Considering the structure character of procedure calling sequences generated by computer programs, the method defines SV-LFSP and contains three fundamental elements in the program flow, sequence, iteration and selection. To build the SV-LFSP library, the SV-LFSP generation algorithm is used. Essentially, this algorithm follows the idea of TEIRESIAS, with an additional redundancy controlling mechanism. Event flow chart, which has the capability of describing program behavior accurately, is a visual version of the SV-LFSP library. This new method is superior to previously provided frequent episode pattern matching algorithms for compact detection models, with high detection efficiency and low time delays.

Gangyue Lei. Intrusion Anomaly Detection based on Sequence [J]. Int J Performability Eng, 2018, 14(2): 300-309.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 0

	Saihua Cai, “Research on Component Security Anomaly Detection Method Based on Monitoring Log Mining”, Jiangsu University, 2016
	Jing Du, Yuanyuan Chen, “Anomaly Detection Based on Hidden Markov Model (HMM)”, Journal of Taiyuan University of Science and Technology, vol.9, pp. 16-19, 2008.
	A. Hofmeyr, A. Somayaji, and S. Forrest, “Intrusion Detection System Using Sequences of System Calls”, Journal of Computer Security, vol.6, no.3, pp.151-180, 1998
	Yu Ji, “Study on the Key Problems in the Process of Sequential Pattern Discovery”, HeFei University of Technology, 2008
	Guoyuan Lin, “Research on Anomaly Detection Based on Host Behavior”, Nanjing University, 2011
	Hongli Li, “Research on Behavior Matching and Evaluation of Time Series”, The PLA Information Engineering University, 2014
	Shangzhe Shi, “Anomaly Detection Based on Hidden Markov Model”, Yangzhou University, 2012
	Ying Sun, “Research and Implementation of the Key Problems in the Process of Sequential Pattern Discovery”, HeFei University of Technology, 2005
	Kai Xiong, “Research on Frequent Sequence and Closed Sequence Mining Method Based on Minimum Position”, Northeastern University, 2012
	Jifeng Yu, “Anomaly Detection Research of Web Application Based on Data Mining”, Huazhong University of Science and Technology, 2011
	Yang Yang, “Research on Intrusion Detection Technology Based on Linux Process Behavior”, University of Electronic Science and technology of China, 2014
	Jing Zhao, “Research and Application of Network Protocol Anomaly Detection Model”, Beijing Jiaotong University, 2010