
An Intrusion Detection Approach Based on System Call Sequences and Rules Extraction

3 Author(s)
Ye Qing ; Depart. of Inf. Security, Naval Univ. of Eng., Wuhan, China ; Wu Xiaoping ; Yan Bo

Intrusion detection systems protect normal users and system resources from information security threats. Anomaly detection is an approach to intrusion detection that constructs models of the normal behavior of users or systems and detects behaviors that deviate from the model. Monitoring the sequences of system calls generated during the execution of privileged programs has been known to be an effective means of anomaly detection. In this paper, an approach for anomaly intrusion detection is presented and applied to monitor the abnormal behavior of processes. The approach is based on rough set theory and is capable of extracting a set of rules of minimum size to form a normal behavior model from the record of system call sequences generated during the normal execution of a process. It may detect the abnormal operating status of a process. The normal behavior model is defined in terms of system call sequences, and the detection algorithm is given for the application of rough set theory in intrusion detection. The illustrative example shows that the approach is feasible and effective.

Published in:

e-Business and Information System Security (EBISS), 2010 2nd International Conference on

Date of Conference:

22-23 May 2010