Anomaly detection method based on HMMs using system call and call stack information

Abstract

Anomaly detection has emerged as an important approach to computer security. In this paper, a new anomaly detection method based on Hidden Markov Models (HMMs) is proposed to detect intrusions. Both system calls and return addresses from the call stack of the program are extracted dynamically to train and test the HMMs. The states of the models are associated with the system calls, and the observation symbols are associated with the sequences of return addresses from the call stack. Because the states of the HMMs are observable, the models can be trained with a simple method which requires less computation time than the classical Baum-Welch method. Experiments show that our method achieves better detection performance than traditional HMM-based approaches. © Springer-Verlag Berlin Heidelberg 2005.
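
The model structure described in the abstract, as an added sketch that is not the authors' code: system calls are the observable states and call-stack return-address sequences are the observations. It assumes the "simple method" is frequency counting (the standard maximum-likelihood estimate when states are observed); the traces, addresses, `FLOOR` value and function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

START = "<start>"  # pseudo-state before the first system call
FLOOR = 1e-6       # assumed probability for events never seen in training

# Constructed traces: (system call, return addresses on the call stack).
A, B, C = (0x401a10, 0x401b20), (0x401a10, 0x401b44), (0x401a10, 0x401b60)
NORMAL_TRACES = [
    [("open", A), ("read", B), ("read", B), ("close", C)],
    [("open", A), ("read", B), ("close", C)],
]

def train(traces):
    """Estimate transition and emission counts directly from the traces.
    States (system calls) are observed, so counting replaces Baum-Welch;
    that this matches the paper's "simple method" is an assumption."""
    trans, emit = defaultdict(Counter), defaultdict(Counter)
    for trace in traces:
        prev = START
        for call, stack in trace:
            trans[prev][call] += 1   # state -> next state
            emit[call][stack] += 1   # state -> observed stack
            prev = call
    return dict(trans), dict(emit)

def prob(table, key, value):
    """Relative frequency of value in row key, floored for unseen events."""
    row = table.get(key, {})
    total = sum(row.values())
    return max(row.get(value, 0) / total, FLOOR) if total else FLOOR

def score(model, trace):
    """Return (mean negative log-likelihood, indices of unseen events)."""
    trans, emit = model
    prev, nll, flagged = START, 0.0, []
    for i, (call, stack) in enumerate(trace):
        p_t, p_e = prob(trans, prev, call), prob(emit, call, stack)
        if p_t <= FLOOR or p_e <= FLOOR:
            flagged.append(i)
        nll -= math.log(p_t) + math.log(p_e)
        prev = call
    return nll / max(len(trace), 1), flagged

if __name__ == "__main__":
    model = train(NORMAL_TRACES)
    # Same system call sequence; the read comes from an unseen call stack.
    odd = [("open", A), ("read", (0x7ffd1000,)), ("close", C)]
    print(score(model, NORMAL_TRACES[1]))
    print(score(model, odd))
```

The second trace has the same system call order as a normal one, so a model over system calls alone would score it as normal; only the emission term for the unseen stack flags it.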

Cite

Zhang, C., & Peng, Q. (2005). Anomaly detection method based on HMMs using system call and call stack information. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3802 LNAI, pp. 315–321). Springer Verlag. https://doi.org/10.1007/11596981_47
