Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
405407 | Knowledge-Based Systems | 2006 | 16 Pages |
Abstract
Anomaly-based intrusion detection (AID) techniques are useful for detecting novel intrusions into computing resources. One of the simplest but most representative AID detectors proposed to date is stide, which works by analysing sequences of system calls. In this paper, we present a detailed formal framework to analyze, understand and improve the performance of stide and similar AID techniques. Several important properties of stide-like detectors are established through formal theorems and validated by carefully conducted experiments on test datasets. Finally, the framework is used to reduce the cost of developing AID detectors by identifying the critical sections of the training dataset.
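As an added illustration of the detector the abstract refers to (this is example code written for this page, not code from the paper or its authors): a minimal stide-style detector in Python. It learns the set of length-k windows of system calls seen in normal traces, flags every window of a test trace that is absent from that set, and scores the trace with a locality frame count (LFC), the burst-sensitive measure stide uses instead of a raw mismatch rate. The traces, the window size k=3, the frame size and the threshold are all constructed for readability; real deployments use larger windows (6 is common) and thresholds tuned on held-out normal data.

```python
"""Minimal stide-style anomaly detector over system-call traces.

Example code added for illustration; not the paper's implementation.
All traces, constants and thresholds below are constructed assumptions.
"""
from collections import deque
from typing import Dict, Iterable, List, Sequence, Set, Tuple

KGram = Tuple[str, ...]


def kgrams(trace: Sequence[str], k: int) -> Iterable[KGram]:
    """Yield every length-k sliding window of the trace, in order."""
    if len(trace) < k:
        return
    win = deque(trace[:k], maxlen=k)
    yield tuple(win)
    for call in trace[k:]:
        win.append(call)
        yield tuple(win)


def train(normal_traces: Iterable[Sequence[str]], k: int) -> Set[KGram]:
    """Build the normal database: the set of k-grams seen in any normal trace."""
    db: Set[KGram] = set()
    for trace in normal_traces:
        db.update(kgrams(trace, k))
    return db


def mismatch_flags(db: Set[KGram], trace: Sequence[str], k: int) -> List[bool]:
    """One flag per window of the test trace: True if the window is absent from db."""
    return [g not in db for g in kgrams(trace, k)]


def locality_frame_count(flags: Sequence[bool], frame: int) -> int:
    """Largest number of mismatches inside any run of `frame` consecutive windows.

    stide scores traces with this LFC rather than the raw mismatch rate, so a
    burst of novel windows (the usual footprint of an injected call sequence)
    stands out from isolated mismatches scattered through a long benign trace.
    """
    if not flags:
        return 0
    frame = min(frame, len(flags))
    best = cur = sum(flags[:frame])
    for i in range(frame, len(flags)):
        cur += int(flags[i]) - int(flags[i - frame])  # slide the frame by one
        best = max(best, cur)
    return best


def analyze(db: Set[KGram], trace: Sequence[str], k: int,
            frame: int, lfc_threshold: int) -> Dict[str, object]:
    """Run the detector on one trace and return its mismatch statistics."""
    flags = mismatch_flags(db, trace, k)
    positions = [i for i, f in enumerate(flags) if f]
    lfc = locality_frame_count(flags, frame)
    return {
        "windows": len(flags),
        "mismatch_positions": positions,
        "mismatch_rate": len(positions) / len(flags) if flags else 0.0,
        "lfc": lfc,
        "anomalous": lfc >= lfc_threshold,
    }


# Constructed sample traces (not real audit data).
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "close"],
    ["mmap", "read", "munmap"],
]
K = 3          # small window so the example is easy to follow; 6 is common in practice
FRAME = 3      # locality frame: number of consecutive windows scored together
THRESHOLD = 3  # assumption: alert when every window in some frame is novel

NORMAL_DB = train(NORMAL_TRACES, K)

# Constructed test traces: one benign replay, one with an injected
# execve/setuid pair, and one benign trace whose two sessions are
# concatenated so only the join produces novel windows.
BENIGN = ["open", "read", "read", "write", "close"]
INJECTED = ["open", "read", "execve", "setuid", "write", "close"]
CONCATENATED = ["open", "read", "write", "close",
                "open", "read", "read", "write", "close"]

if __name__ == "__main__":
    for name, trace in [("benign", BENIGN), ("injected", INJECTED),
                        ("concatenated", CONCATENATED)]:
        print(name, analyze(NORMAL_DB, trace, K, FRAME, THRESHOLD))
```

The concatenated trace is the caveat worth noticing: it contains only behaviour present in training, yet the two windows spanning the session boundary are novel. A raw mismatch rate would count them; the LFC with a sensible threshold does not, which is why stide scores bursts rather than totals, and why the normal database must cover the boundaries (process start, exit, session transitions) that the training traces actually exhibit.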
Related Topics
Physical Sciences and Engineering
Computer Science
Artificial Intelligence
Authors
Zhuowei Li, Amitabha Das