Finding the Vocabulary of Program Behavior Data for Anomaly Detection
نویسنده
چکیده
Application-based anomaly detectors construct a baseline model of normal application behavior, and deviations from that behavior are interpreted as signs of a possible intrusion. But current anomaly detectors monitor application behavior at a high level of detail, and many irrelevant variations in that behavior can cause false alarms. This paper discusses the preprocessing of audit data ultimately used by application-based anomaly detection systems. The goal is to create a more abstract picture of program behavior, filtering out many irrelevant details. Our specific approach automatically identifies repeating sub-sequences of behavior events and sequences of events that always occur together. Although this preprocessing technique can be used with a wide variety of program-based anomaly detectors, we present empirical results showing how it improves the performance of the well-known stide anomaly detection
منابع مشابه
Behavior-Based Online Anomaly Detection for a Nationwide Short Message Service
As fraudsters understand the time window and act fast, real-time fraud management systems becomes necessary in Telecommunication Industry. In this work, by analyzing traces collected from a nationwide cellular network over a period of a month, an online behavior-based anomaly detection system is provided. Over time, users' interactions with the network provides a vast amount of usage data. Thes...
متن کاملMoving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کاملRecurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection
Automated analysis methods are crucial aids for monitoring and defending a network to protect the sensitive or confidential data it hosts. This work introduces a flexible, powerful, and unsupervised approach to detecting anomalous behavior in computer and network logs; one that largely eliminates domain-dependent feature engineering employed by existing methods. By treating system logs as threa...
متن کاملThe Influence of Data-Driven Exercises Through Using a Computer Program on Vocabulary Improvement in an EFL Context
The present study was conducted to evaluate data driven learning (DDL) combined with Computer Assisted Language Learning (CALL) as an approach to improving vocabulary knowledge of Iranian postgraduates majoring in teaching English, English literature and translation. The purpose was to help language learners get familiar with DDL as a student-centered method taking advantage of a computer progr...
متن کاملA Survey of Anomaly Detection Approaches in Internet of Things
Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...
متن کامل