Learning Useful System Call Attributes for Anomaly Detection

Gaurav Tandon and Philip K. Chan, Florida Institute of Technology

Traditional host-based anomaly detection systems model normal behavior of applications by analyzing system call sequences. The current audit sequence is then examined using the model for anomalous behavior, which could correspond to attacks. Though these techniques have been shown to be quite effective, a key element seems to be missing: the inclusion and utilization of the system call arguments. Recent research also shows that sequence-based systems are prone to evasion. We propose an idea of learning different representations for system call arguments. Results indicate that argument information can be effectively used for detecting more attacks with reasonable space and time overhead.
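As an added illustration (not code from the paper), the toy detector below shows why argument attributes catch what a pure sequence model misses: it learns bigrams of call names plus two per-argument representations (a string-length bucket and a path prefix), then scores constructed test traces. The training trace, test traces and attribute choices are my own assumptions, not the authors' data or representations.

```python
"""Toy host-based anomaly detector: sequence model plus argument attributes.
All traces below are constructed sample data, not real audit logs."""
from collections import defaultdict

# Constructed "normal" training trace of (syscall, argument) pairs.
TRAIN = [
    ("open", "/etc/passwd"), ("read", "4096"), ("close", "3"),
    ("open", "/var/log/app.log"), ("write", "128"), ("close", "4"),
    ("open", "/etc/hosts"), ("read", "512"), ("close", "3"),
]


def arg_attrs(value):
    """Two hypothetical argument representations: length bucket, path prefix."""
    length_bucket = min(len(value) // 8, 7)          # coarse string length
    prefix = "/".join(value.split("/")[:2]) if value.startswith("/") else "-"
    return {"len": length_bucket, "prefix": prefix}


class SyscallModel:
    def __init__(self, n=2):
        self.n = n
        self.grams = set()                                   # normal call n-grams
        self.args = defaultdict(lambda: defaultdict(set))    # call -> attr -> values

    def train(self, trace):
        names = [call for call, _ in trace]
        for i in range(len(names) - self.n + 1):
            self.grams.add(tuple(names[i:i + self.n]))
        for call, value in trace:
            for attr, v in arg_attrs(value).items():
                self.args[call][attr].add(v)

    def score(self, trace):
        """Return (sequence_anomalies, argument_anomalies) for a test trace."""
        names = [call for call, _ in trace]
        seq = sum(tuple(names[i:i + self.n]) not in self.grams
                  for i in range(len(names) - self.n + 1))
        arg = sum(v not in self.args[call][attr]
                  for call, value in trace
                  for attr, v in arg_attrs(value).items())
        return seq, arg


MODEL = SyscallModel()
MODEL.train(TRAIN)

if __name__ == "__main__":
    # Same call sequence as training, but an unusual argument: only the
    # argument model fires, which is the evasion case the abstract describes.
    print(MODEL.score([("open", "/tmp/" + "A" * 60), ("read", "4096"), ("close", "3")]))
```

In the demo trace the bigram model sees only known (open, read) and (read, close) pairs and reports nothing, while the argument model flags both the unseen length bucket and the unseen path prefix.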

This page is copyrighted by AAAI. All rights reserved.