Abstract
In this paper, we propose a "bag of system calls" representation for intrusion detection of system call sequences and describe misuse detection results with widely used machine learning techniques on University of New Mexico (UNM) and MIT Lincoln Lab (MIT LL) system call sequences with the proposed representation. With the feature representation as input, we compare the performance of several machine learning techniques and show experimental results. The results show that the machine learning techniques on a simple "bag of system calls" representation of system call sequences are effective and often perform better than those approaches that use foreign contiguous subsequences for detecting intrusive behaviors of compromised processes.
Original language | English (US) |
---|---|
Pages (from-to) | 511-516 |
Number of pages | 6 |
Journal | Lecture Notes in Computer Science |
Volume | 3495 |
State | Published - 2005 |
Event | IEEE International Conference on Intelligence and Security Informatics, ISI 2005 - Atlanta, GA, United States. Duration: May 19 2005 → May 20 2005 |
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- General Computer Science