Combining heterogeneous anomaly detectors for improved software security

@article{Khreich2017CombiningHA,
  title={Combining heterogeneous anomaly detectors for improved software security},
  author={Wael Khreich and Syed Shariyar Murtaza and Abdelwahab Hamou-Lhadj and Chamseddine Talhi},
  journal={Journal of Systems and Software},
  year={2017},
  volume={137},
  pages={415-429}
}
Abstract: Host-based Anomaly Detection Systems (ADSs) monitor for significant deviations from normal software behavior. Several techniques have been investigated for detecting anomalies in system call sequences. Among these, Sequence Time-Delay Embedding (STIDE), Hidden Markov Model (HMM), and One-Class Support Vector Machine (OCSVM) have shown a high level of anomaly detection accuracy. Although ADSs can detect novel attacks, they generate a large number of false alarms due to the difficulty in…

Key Quantitative Results

  • At an operating point of zero percent false alarm rate, the proposed multiple-detector ADS increased the true positive rate by 500% on the Linux dataset and by 25% on the Windows dataset.
