Anomaly detection for privileged programs is one of the most important means of ensuring the security of Web systems. Various modeling methods have not taken into account that uncertain short sequences of system calls affect the detection model, and as a result the detection capability of anomaly detection models against known and unknown attacks is greatly affected. The paper points out that uncertain short sequences of system calls are closely related to their contexts. The behavior status of system call sequences is depicted by the abnormal membership on fuzzy segments. Experimental results indicate that the modeling method based on the abnormal membership on fuzzy segments increases the detection capability against known and unknown attacks.
Date of Conference: 4-8 April 2005