A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Selecting and Improving System Call Models for Anomaly Detection
[chapter]
2009
Lecture Notes in Computer Science
We propose a syscall-based anomaly detection system that incorporates both deterministic and stochastic models. We analyze in detail two alternative approaches for anomaly detection over system call sequences and arguments, and propose a number of modifications that significantly improve their performance. We begin by comparing them and analyzing their respective performance in terms of detection accuracy. Then, we outline their major shortcomings, and propose various changes in the models that
doi:10.1007/978-3-642-02918-9_13
fatcat:ig2yhvyi7rbfhns6db4aonmoza