Skip to Main Content
Evidence of some attacks can be manifested by abnormal sequences of system calls of programs. Most approaches that have been developed so far mainly concentrate on some program-specific behaviors and ignore some plain behaviors of programs. According to the concept of locality of reference, programs tend to spend most of their time on a few lines of code rather than other parts of the program. We use this finding to propose a method of loop reduction. A loop reduction algorithm, when applied to a series of system calls, eliminates redundant data. We did experiments for the comparison before and after loop reduction with the same detection approach. The preliminary results show that loop reduction improves the quality of training data by removing redundancy.