Abstract
Intrusion detection systems protect normal users and system resources from information security threats. Anomaly detection is an approach of intrusion detection that constructs models of normal behavior of users or systems and detects the behaviors that deviate from the model. Monitoring the sequences of system calls generated during the execution of privileged programs has been known to be an effective means of anomaly detection. Finite automata have been recognized as an appropriate device to model normal behaviors of system call sequences. However, there have been several technical difficulties in constructing finite automata from sequences of system calls. We present our study on how to construct finite automata from system call sequences using genetic algorithms. The resulting system is shown to be very effective in detecting intrusions through various experiments.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Belz, A., Eskikaya, B.: A Genetic algorithm for Finite Automata Induction with an Application to Phonotactics. In: Proceedings of the European Summer School in Logic, Language, and Information Workshop on Automated Acquisition of Syntax and Parsing, pp. 9–17 (1998)
Debar, H., Becker, M., Siboni, D.: A Neural Network Component for an Intrusion Detection System. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 240–250 (1992)
Denning, D.: An Intrusion Detection Model. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 119–131 (1986)
Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A Sense of Self for Unix Processes. In: IEEE Symposium on Security and Privacy, pp. 120–128 (1996)
Hofmeyr, S., Forrest, S., Somayaji, A.: Intrusion Detection using Sequence of System Calls. Journal of Computer Security 6, 151–180 (1998)
Javitz, H., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (1991)
Kosoresow, A.: Intrusion Detection via System Call Traces. IEEE Software 14(5), 35–42 (1997)
Lankewicz, L., Benard, M.: Real Time Anomaly Detection using a Nonparametric Pattern Recognition Approach. In: Proceedings of the Seventh Annual Computer Security Applications Conference, San Antonio, TX (1991)
Lunt, T., Tamaru, A., Gilham, F.: IDES: A Progress Report. In: Proceedings of the Sixth Annual Computer Security Applications Conference, Tucson, AZ (1990)
Me, L.: GASSATA: A Genetic Algorithm as an Alternative Tool or Security Audit Trails Analysis. In: First International Workshop on the Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium (1998)
Sekar, R., Bendre, M.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: Proceeding of the 2001 IEEE Symposium on Security and Privacy, pp. 144–155 (2001)
Smaha, S.: Haystack: An Intrusion Detection System. In: Proceedings of the Fourth IEEE Aerospace Computer Security Applications Conference, Orlando, FL (1988)
Wagner, D.: Intrusion Detection via Static Analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 156–159 (2001)
Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions using System Calls: Alternative Data Models. In: Proceedings of the 20th IEEE Symposium on Security and Privacy (1999)
Wee, K., Moon, B.: Automatic Generation of Finite Automata for Detecting Intrusions using System Call Sequences. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 206–216. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wee, K., Kim, S. (2006). Construction of Finite Automata for Intrusion Detection from System Call Sequences by Genetic Algorithms. In: Ng, WK., Kitsuregawa, M., Li, J., Chang, K. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2006. Lecture Notes in Computer Science(), vol 3918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11731139_69
Download citation
DOI: https://doi.org/10.1007/11731139_69
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33206-0
Online ISBN: 978-3-540-33207-7
eBook Packages: Computer ScienceComputer Science (R0)