ICDS 2014, The Eighth International Conference on Digital Society
Intrusion Detection Using N-Grams of Object Access Graph Components
Authors:
Zachary Birnbaum
Andrey Dolgikh
Victor Skormin
Keywords: security, intrusion detection, behavioral anomaly detection, graph processing
Abstract:
Cyber warfare demonstrates an arms race between mutually escalating malware and Intrusion Detection System (IDS) technologies. We put forward a novel process for defining system behavior with the end result being a highly effective IDS. System calls accumulated under normal network operation are converted into graph components, and used as part of the IDS normalcy profile. The contributions of this paper are as follows: detection of attacks based on the anomalous use of program functionality; reduced window of attack; reduced false positive rate; increased performance in comparison to standard n-gram methods; a graph compression algorithm for efficient processing of system call graphs. The proposed IDS can be used within limited access environments such as industrial or military systems where only approved applications are running and any anomalies are indicative of a cyber attack or malfunction.
Pages: 209 to 215
Copyright: Copyright (c) IARIA, 2014
Publication date: March 23, 2014
Published in: conference
ISSN: 2308-3956
ISBN: 978-1-61208-324-7
Location: Barcelona, Spain
Dates: from March 23, 2014 to March 27, 2014