Anomaly detection has emerged as an important approach to computer security. In this paper, a new anomaly detection method based on Hidden Markov Models (HMMs) is proposed to detect intrusions. Both system calls and return addresses from the call stack of the program are extracted dynamically to train and test the HMMs. The states of the models are associated with the system calls, and the observation symbols are associated with the sequences of return addresses from the call stack. Because the states of the HMMs are observable, the models can be trained with a simple method that requires less computation time than the classical Baum-Welch method. Experiments show that our method achieves better detection performance than traditional HMM-based approaches. © Springer-Verlag Berlin Heidelberg 2005.
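The sketch below is an added example, not code from the paper: it shows why visible states make training cheap, since transition and emission probabilities can be estimated by counting over normal traces. The `FLOOR` probability for unseen events, the mean negative log-likelihood score, and the sample syscalls and return addresses are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

FLOOR = 1e-6  # assumed probability for events never seen in training

def _normalise(table):
    # Turn each row of raw counts into a probability distribution.
    return {key: {sym: n / sum(c.values()) for sym, n in c.items()}
            for key, c in table.items()}

def train(traces):
    """Estimate the model by counting; no Baum-Welch iteration is needed
    because the state (the system call) is visible in every event."""
    trans, emit = defaultdict(Counter), defaultdict(Counter)
    for trace in traces:
        prev = "<start>"
        for syscall, stack in trace:
            trans[prev][syscall] += 1   # state transition: syscall -> syscall
            emit[syscall][stack] += 1   # observation: call stack at syscall
            prev = syscall
    return _normalise(trans), _normalise(emit)

def anomaly_score(model, trace):
    """Mean negative log-likelihood per event; higher means less normal."""
    trans, emit = model
    prev, total = "<start>", 0.0
    for syscall, stack in trace:
        p_t = trans.get(prev, {}).get(syscall, FLOOR)
        p_e = emit.get(syscall, {}).get(stack, FLOOR)
        total -= math.log(p_t) + math.log(p_e)
        prev = syscall
    return total / max(len(trace), 1)

# Constructed sample data: each event is (syscall, tuple of return addresses).
NORMAL = [
    [("open", (0x4011A0, 0x401050)), ("read", (0x4011C4, 0x401050)),
     ("close", (0x4011F0, 0x401050))],
    [("open", (0x4011A0, 0x401050)), ("read", (0x4011C4, 0x401050)),
     ("read", (0x4011C4, 0x401050)), ("close", (0x4011F0, 0x401050))],
]
# Same syscall order as the first normal trace, but "read" is issued from an
# unfamiliar call stack, which a syscall-only model would not notice.
ODD_STACK = [("open", (0x4011A0, 0x401050)), ("read", (0x7FFD10, 0x401050)),
             ("close", (0x4011F0, 0x401050))]

MODEL = train(NORMAL)
```

In practice the alert threshold on `anomaly_score` would be calibrated on held-out normal traces.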
CITATION STYLE
Zhang, C., & Peng, Q. (2005). Anomaly detection method based on HMMs using system call and call stack information. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3802 LNAI, pp. 315–321). Springer Verlag. https://doi.org/10.1007/11596981_47