Learning classifiers for misuse detection using a bag of system calls representation

Dae Ki Kang, Doug Fuller, Vasant Honavar

Research output: Contribution to journalConference articlepeer-review

29 Scopus citations


In this paper, we propose a "bag of system calls" representation for intrusion detection of system call sequences and describe misuse detection results with widely used machine learning techniques on University of New Mexico (UNM) and MIT Lincoln Lab (MIT LL) system call sequences with the proposed representation. With the feature representation as input, we compare the performance of several machine learning techniques and show experimental results. The results show that the machine learning techniques on simple "bag of system calls" representation of system call sequences is effective and often perform better than those approaches that use foreign contiguous subsequences for detecting intrusive behaviors of compromised processes.

Original languageEnglish (US)
Pages (from-to)511-516
Number of pages6
JournalLecture Notes in Computer Science
StatePublished - 2005
EventIEEE International Conference on Intelligence and Security Informatics, ISI 2005 - Atlanta, GA, United States
Duration: May 19 2005May 20 2005

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Learning classifiers for misuse detection using a bag of system calls representation'. Together they form a unique fingerprint.

Cite this