Learning classifiers for misuse detection using a bag of system calls representation

Dae Ki Kang, Doug Fuller, Vasant Honavar

Research output: Contribution to journal › Conference article

23 Citations (Scopus)

Abstract

In this paper, we propose a "bag of system calls" representation for intrusion detection of system call sequences and describe misuse detection results with widely used machine learning techniques on University of New Mexico (UNM) and MIT Lincoln Lab (MIT LL) system call sequences with the proposed representation. With the feature representation as input, we compare the performance of several machine learning techniques and show experimental results. The results show that the machine learning techniques on a simple "bag of system calls" representation of system call sequences are effective and often perform better than those approaches that use foreign contiguous subsequences for detecting intrusive behaviors of compromised processes.

Original language: English (US)
Pages (from-to): 511-516
Number of pages: 6
Journal: Lecture Notes in Computer Science
Volume: 3495
State: Published - Sep 26 2005
Event: IEEE International Conference on Intelligence and Security Informatics, ISI 2005 - Atlanta, GA, United States
Duration: May 19 2005 - May 20 2005

Fingerprint

Learning systems
Classifiers
Classifier
Machine Learning
Intrusion detection
Intrusion Detection
Subsequence
Learning
Experimental Results

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

@article{e9ce7fed136442dcad1534bac1a4ea60,
title = "Learning classifiers for misuse detection using a bag of system calls representation",
abstract = "In this paper, we propose a {"}bag of system calls{"} representation for intrusion detection of system call sequences and describe misuse detection results with widely used machine learning techniques on University of New Mexico (UNM) and MIT Lincoln Lab (MIT LL) system call sequences with the proposed representation. With the feature representation as input, we compare the performance of several machine learning techniques and show experimental results. The results show that the machine learning techniques on simple {"}bag of system calls{"} representation of system call sequences is effective and often perform better than those approaches that use foreign contiguous subsequences for detecting intrusive behaviors of compromised processes.",
author = "Kang, {Dae Ki} and Doug Fuller and Vasant Honavar",
year = "2005",
month = "9",
day = "26",
language = "English (US)",
volume = "3495",
pages = "511--516",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

Learning classifiers for misuse detection using a bag of system calls representation. / Kang, Dae Ki; Fuller, Doug; Honavar, Vasant.

In: Lecture Notes in Computer Science, Vol. 3495, 26.09.2005, p. 511-516.
