Skip to main content
Conference Proceedings

A hybrid command sequence model for anomaly detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2007) 4426 LNAI 108-118
DOI: 10.1007/978-3-540-71701-0_13
4Citations
Citations of this article
3Readers
Mendeley users who have this article in their library.
Get full text

Abstract

A new anomaly detection method based on models of user behavior at the command level is proposed as an intrusion detection technique. The hybrid command sequence (HCS) model is trained from historical session data by a genetic algorithm, and then it is used as the criterion in verifying observed behavior. The proposed model considers the occurrence of multiple command sequence fragments in a single session, so that it could recognize non-sequential patterns. Experiment results demonstrate an anomaly detection rate of higher than 90%, comparable to other statistical methods and 10% higher than the original command sequence model. © Springer-Verlag Berlin Heidelberg 2007.

Author supplied keywords

Cite

CITATION STYLE

APA

Jian, Z., Shirai, H., Takahashi, I., Kuroiwa, J., Odaka, T., & Ogura, H. (2007). A hybrid command sequence model for anomaly detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4426 LNAI, pp. 108–118). Springer Verlag. https://doi.org/10.1007/978-3-540-71701-0_13

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free