Data Cleaning and Enriched Representations for Anomaly Detection in System Calls

  title={Data Cleaning and Enriched Representations for Anomaly Detection in System Calls},
  author={Gaurav Tandon and Philip Ka-Fai Chan and Debasis Mitra},


Anomaly Detection Using Time Index Differences of Identical Symbols with and without Training Data
A novel masquerade detection algorithm based on a statistical test for system parameter drift of time series data that transforms the string of commands into a symbol sequence using the average time index difference of symbols identical to the symbol found at a particular index for anomaly detection.
Machine learning for host-based anomaly detection
Experimental results on various data sets indicate that the techniques presented are more effective than traditional methods in capturing attack-based host anomalies and the computational overhead incurred is reasonable for an online anomaly detection system.
Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection
This review proposes a comprehensive framework for addressing the challenge of characterising novel complex threats and relevant counter-measures in the field of intrusion detection, which is typically performed online, and security investigation, performed offline.
Intrusion detection in computer systems as a pattern recognition task in adversarial environment : a critical review
The traditional Intrusion Detection Systems (IDS) design approach relies upon the expert (handwritten) definition of models describing either legitimate or attack patterns in computer systems.
Integrated innate and adaptive artificial immune systems applied to process anomaly detection
This thesis shows how the use of AISs which incorporate both innate and adaptive immune system mechanisms can be used to reduce the number of false alerts and improve the performance of current approaches.
Selected Qualitative Spatio-temporal Calculi Developed for Constraint Reasoning: A Review
In this article a few of the qualitative spatio-temporal knowledge representation techniques developed by the constraint reasoning community within artificial intelligence are reviewed. The objective

Intrusion detection: a bioinformatics approach
This work addresses the problem of detecting masquerading by using a semiglobal alignment and a unique scoring system to measure similarity between a sequence of commands produced by a potential intruder and the user signature, which is a sequence of commands collected from a legitimate user.
The Diagram, a Method for Comparing Sequences
This paper describes another alternative, the "diagonal match" or diagram method, which the authors think has advantages over other methods in that it is basically simple, and shows directly all the possible similarities between the sequences.
Temporal signatures for intrusion detection
A new method for detecting intrusions based on the temporal behavior of applications that builds on an existing method of application intrusion detection that uses a system call sequence as a signature to form a richer signature.
Learning States and Rules for Time Series Anomaly Detection
The empirical results, on data obtained from the NASA shuttle program, indicate that the Gecko clustering algorithm is comparable to a human expert in identifying states and the overall system can track normal behavior and detect anomalies.
Outlier detection for high dimensional data
New techniques for outlier detection which find the outliers by studying the behavior of projections from the data set are discussed.
Detecting intrusions using system calls: alternative data models
This work compares the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions and concludes that for this particular problem, weaker methods than HMMs are likely sufficient.
An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm
This paper has developed a novel technique to build tables of variable-length patterns based on Teiresias, an algorithm initially developed for the discovery of rigid patterns in unaligned biological sequences.
An Intrusion-Detection Model
  • D. Denning
  • Computer Science
  • 1986 IEEE Symposium on Security and Privacy
  • 1986
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that
Algorithms for Mining Distance-Based Outliers in Large Datasets
This paper provides formal and empirical evidence showing the usefulness of DB-outliers and presents two simple algorithms for computing such outliers, both having a complexity of O(kN²), k being the dimensionality and N being the number of objects in the dataset.
Applications of Data Mining in Computer Security
Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt are discussed, as well as a Geometric Framework for Unsupervised Anomaly Detection, and a Heterogeneous Alert Stream into Scenarios.