Construction of Finite Automata for Intrusion Detection from System Call Sequences by Genetic Algorithms

Conference paper in: Advances in Knowledge Discovery and Data Mining (PAKDD 2006)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3918)

Abstract

Intrusion detection systems protect normal users and system resources from information security threats. Anomaly detection is an approach to intrusion detection that constructs models of the normal behavior of users or systems and flags behavior that deviates from the model. Monitoring the sequences of system calls generated during the execution of privileged programs is known to be an effective means of anomaly detection, and finite automata have been recognized as an appropriate device for modeling the normal behavior of system call sequences. However, constructing finite automata from sequences of system calls poses several technical difficulties. We present our study on how to construct finite automata from system call sequences using genetic algorithms. The resulting system is shown through various experiments to be very effective in detecting intrusions.
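The abstract describes the detection side of the approach without showing it: an automaton captures which system call may follow which, and a trace that takes transitions the automaton does not have is treated as anomalous. The following is an added example, not code from the paper or its authors. The paper induces its automata with a genetic algorithm; this example instead builds the automaton directly from normal traces (one state per k-call context, one transition per observed next call), which is a simpler, deterministic construction used here only to illustrate how a learned automaton scores a trace. The trace contents, the strace-like line format, and the 10% mismatch threshold are all constructed assumptions.

```python
"""Added example (not the paper's code): anomaly detection over system call
sequences with a finite automaton learned from normal traces.

Construction is deterministic (k-call context states), not the paper's
genetic-algorithm method. All traces below are constructed for illustration.
"""
import re
from collections import defaultdict

START = "<start>"  # padding symbol for the first k-1 positions of a trace

# Assumed strace-like input: a line begins with the syscall name followed by
# '('. Lines that do not match (e.g. "+++ exited with 0 +++") are ignored.
_CALL_RE = re.compile(r"^(\w+)\(")


def calls_from_strace(lines):
    """Extract the sequence of system call names from strace-style lines."""
    calls = []
    for line in lines:
        m = _CALL_RE.match(line.strip())
        if m:
            calls.append(m.group(1))
    return calls


class SyscallAutomaton:
    """Finite automaton over system calls.

    A state is the tuple of the last k calls seen; the transition relation
    records, for each state, which next call was observed in normal traces.
    """

    def __init__(self, k=1):
        self.k = k
        self.transitions = defaultdict(set)  # state -> set of allowed next calls

    def _state(self, history):
        padded = (START,) * self.k + tuple(history)
        return padded[-self.k:]

    def train(self, traces):
        """Add every observed (state, next call) pair from the normal traces."""
        for trace in traces:
            history = []
            for call in trace:
                self.transitions[self._state(history)].add(call)
                history.append(call)
        return self

    def score(self, trace):
        """Return the positions in trace whose call is not allowed from the
        current state. After a mismatch the walk resynchronizes by following
        the trace anyway, so one bad call does not poison the rest of the scan."""
        history, mismatches = [], []
        for i, call in enumerate(trace):
            if call not in self.transitions.get(self._state(history), set()):
                mismatches.append(i)
            history.append(call)
        return mismatches

    def is_anomalous(self, trace, threshold=0.1):
        """Flag a trace when the fraction of mismatching calls exceeds threshold."""
        if not trace:
            return False
        return len(self.score(trace)) / len(trace) > threshold


# Constructed normal traces for a hypothetical privileged program.
NORMAL_TRACES = [
    ["open", "read", "read", "close", "exit"],
    ["open", "read", "write", "close", "exit"],
    ["open", "read", "close", "open", "write", "close", "exit"],
]

# Constructed strace-style lines of a trace that deviates from the model.
SUSPECT_LINES = [
    'open("/var/log/app.log", O_RDONLY) = 3',
    'read(3, "...", 4096) = 120',
    'execve("/bin/sh", ["sh"], 0x7ffd...) = 0',
    'open("/etc/passwd", O_RDONLY) = 3',
    'write(1, "...", 64) = 64',
    'close(3) = 0',
    'exit(0) = ?',
    "+++ exited with 0 +++",
]

if __name__ == "__main__":
    model = SyscallAutomaton(k=1).train(NORMAL_TRACES)
    trace = calls_from_strace(SUSPECT_LINES)
    bad = model.score(trace)
    print("mismatch positions:", bad, "->", [trace[i] for i in bad])
    print("anomalous:", model.is_anomalous(trace))
```

The context length k controls how strict the automaton is: with k=1 only the immediately preceding call matters, while k=2 also rejects a legal pair that never appeared in that longer context, which lowers false negatives at the cost of more false positives on rare but legitimate paths. A practitioner tuning such a model would pick k and the threshold against held-out normal traces before trusting its alerts.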

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Wee, K., Kim, S. (2006). Construction of Finite Automata for Intrusion Detection from System Call Sequences by Genetic Algorithms. In: Ng, W.K., Kitsuregawa, M., Li, J., Chang, K. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2006. Lecture Notes in Computer Science, vol 3918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11731139_69

  • DOI: https://doi.org/10.1007/11731139_69

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33206-0

  • Online ISBN: 978-3-540-33207-7

  • eBook Packages: Computer Science (R0)