A new anomaly detection method based on models of user behavior at the command level is proposed as an intrusion detection technique. The hybrid command sequence (HCS) model is trained from historical session data by a genetic algorithm and is then used as the criterion for verifying observed behavior. The proposed model considers the occurrence of multiple command sequence fragments in a single session, so that it can recognize non-sequential patterns. Experimental results demonstrate an anomaly detection rate higher than 90%, comparable to other statistical methods and 10% higher than the original command sequence model. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Jian, Z., Shirai, H., Takahashi, I., Kuroiwa, J., Odaka, T., & Ogura, H. (2007). A hybrid command sequence model for anomaly detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4426 LNAI, pp. 108–118). Springer Verlag. https://doi.org/10.1007/978-3-540-71701-0_13