Study on HMM Based Anomaly Intrusion Detection Using System Calls
Authors
Shang-zhe SHI, Mei-feng SUN
Corresponding Author
Shang-zhe SHI
Available Online September 2012.
- DOI
- 10.2991/emeit.2012.27
- Keywords
- anomaly detection, system call, HMM, hidden state
- Abstract
To improve detection accuracy, we study HMM-based anomaly detection using system calls. Starting from the program semantics under which system calls are issued, we find that the state hidden behind the system calls is the program execution state. We then propose that, when training the HMM, the number of hidden states must be greater than the number of unique system calls, and that the observation probabilities can take the form of a 0-1 vector. An HMM trained in this way achieves better detection accuracy than other models.
- Copyright
- © 2012, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Shang-zhe SHI
AU - Mei-feng SUN
PY - 2012/09
DA - 2012/09
TI - Study on HMM Based Anomaly Intrusion Detection Using System Calls
BT - Proceedings of the 2nd International Conference on Electronic & Mechanical Engineering and Information Technology (EMEIT 2012)
PB - Atlantis Press
SP - 139
EP - 144
SN - 1951-6851
UR - https://doi.org/10.2991/emeit.2012.27
DO - 10.2991/emeit.2012.27
ID - SHI2012/09
ER -