Conference paper

A Modified Process Anomaly Detection Using Boolean Function

This paper proposes a process anomaly detection method that uses a Boolean function to discover whether a running process has been compromised. The method combines the results of multiple detectors to avoid a single detector's limitation of inadequate training and therefore poor generalization performance, and aims at a higher true positive rate and a lower false positive rate in detection. The traditional hidden Markov model is used and improved to describe the process, so that normal and anomalous behaviour can be told apart. A simplified Boolean function is used to improve efficiency. Two algorithms are proposed to evaluate and improve the detectors' performance, and in simulation the method turns out to be satisfactory, with a high true positive rate and a low false positive rate.

Keywords: process behavior evaluation; anomaly detection; Hidden Markov Model; ROC; Boolean function

Authors: Kun Mao, Xuehui Du, Yi Sun

Affiliation: Zhengzhou Information Science and Technology Institute, Henan Province Information Security Key Laboratory, Zhengzhou, China

Venue type: International conference

Venue: 2012 IEEE 14th International Conference on Communication Technology (ICCT 2012)

Location: Chengdu

Language: English

Pages: 927-931

Date: 2012-11-09 (date the record was first posted on the Wanfang platform, not the paper's publication date)