A Rough Set Approach to Abnormal Behavior Detection in Computer Systems
The computer is one of the most complex systems ever built by human beings. Assuring the correct execution of computer programs, even in the presence of malice, is a grand challenge for researchers in both dependable systems and computer security. System call based analysis is an important approach to this goal. In this article we use discernibility based analysis from rough set theory to generate classification rules from a small sample dataset, and we test the rules by applying them to classify a larger test dataset. Preliminary experimental results show that our approach overcomes the two main weaknesses of earlier system call analysis methods: the requirement for a complete normal dataset and the low efficiency when used for online detection. The generated rules are very concise, have a low false positive rate, and are well suited to online monitoring.
Zhongmin Cai, Xiaoming Wang, Xiaoqing Wang, Guoji Sun
State Key Laboratory for Manufacturing Systems Engineering; Key Laboratory of Intelligent Network and
International conference
Qingdao
English
2006-07-21 (date first posted on the Wanfang platform, not the paper's publication date)