Study on HMM Based Anomaly Intrusion Detection Using System Calls
In order to improve the detection accuracy,we study on the HMM model based on system calls anomaly detection.We starting from the program semantics issued system call,analysis that the state hidden behind system calls is the program execution state.Then put forward that hidden state must greater than the number of unique system calls when training HMM.And observation probability can be as 01 vector form.HMM trained in our way is better than other models on detection accuracy.
anomaly detection system call HMM hidden state
SHI Shang-zhe SUN Mei-feng
Information and Engineering College,Yangzhou University,Yangzhou Jiangsu 225127
国际会议
沈阳
英文
139-144
2012-09-26(万方平台首次上网日期,不代表论文的发表时间)