Learning Patterns from Unix Process Execution Traces for Intrusion Detection
In this paper we describe our preliminary experiments to extend the work pioneered by Forrest (see Forrest et al. 1996) on learning the (normal and abnormal) patterns of Unix processes. These patterns can be used to identify misuses of and intrusions in Unix systems. We formulated machine learning tasks on operating system call sequences of normal and abnormal (intrusion) executions of the Unix sendmail program. We show that our methods can accurately distinguish all abnormal executions of sendmail from the normal ones provided in a set of test traces. These preliminary results indicate that machine learning can play an important role by generalizing stored sequence information to perhaps provide broader intrusion detection services. The experiments also reveal some interesting and challenging problems for future research.
- wenke-aaai97.pdf application/pdf 63.3 KB Download File
More About This Work
- Academic Units
- Computer Science
- Published Here
- May 4, 2010
AI approaches to fraud detection & risk management: papers from the 1997 AAAI Workshop: July 27, 1997, Providence, Rhode Island (Menlo Park, Calif.: AAAI Press, 1997).