A probabilistic method for detecting anomalous program behavior

Kohei Tatara, Toshihiro Tabata, Kouichi Sakurai

Research output: Contribution to journal › Conference article

Abstract

In this paper, we, like Eskin, Lee, and Stolfo, propose a prediction-model method. In their method, the program was characterized by both the order and the kind of system calls. We focus on a non-sequential feature of the system calls issued by a program. We apply a Bayesian network to predict the N-th system call from a sequence of system calls of length N - 1. In addition, we show that a correlation between several kinds of system calls can be expressed using our method, and that it can characterize program behavior.

Original language: English
Pages (from-to): 87-98
Number of pages: 12
Journal: Lecture Notes in Computer Science
Volume: 3325
DOIs
Publication status: Published - Jan 1 2005
Event: 5th International Workshop on Information Security Applications, WISA 2004 - Jeju Island, Korea, Republic of
Duration: Aug 23 2004 to Aug 25 2004

Keywords

  • Anomaly detection
  • Bayesian network
  • Intrusion detection
  • System call

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)
