Behavioral Distance Measurement using Hidden Markov Models

The behavioral distance between two processes is a measure of the deviation of their behaviors. Behavioral distance has been proposed for detecting the compromise of a process, by computing its behavioral distance from another process executed on the same input. Provided that the two processes are d...

Bibliographic Details
Main Authors: GAO, Debin, Reiter, Michael K., SONG, Dawn
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2006
Online Access: https://ink.library.smu.edu.sg/sis_research/1244
http://dx.doi.org/10.1007/11856214_2
Institution: Singapore Management University
Subjects: intrusion detection, anomaly detection, system call, behavioral distance, Information Security
Description: The behavioral distance between two processes is a measure of the deviation of their behaviors. Behavioral distance has been proposed for detecting the compromise of a process, by computing its behavioral distance from another process executed on the same input. Provided that the two processes are diverse and so unlikely to fall prey to the same attacks, an increase in behavioral distance might indicate the compromise of one of them. In this paper we propose a new approach to behavioral distance calculation using a new type of Hidden Markov Model. We also empirically evaluate the intrusion detection capability of our proposal when used to measure the distance between the system-call behaviors of diverse web servers. Our experiments show that it detects intrusions with substantially greater accuracy and with performance overhead comparable to that of prior proposals.