A reference based analysis framework for analyzing system call traces

Varun Chandola, Shyam Boriah, Vipin Kumar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Reference based analysis (RBA) is a novel data mining tool for exploring a test data set with respect to a reference data set. The power of RBA lies in its ability to transform any complex data type, such as symbolic sequences and multivariate categorical data instances, into a multivariate continuous representation. The transformed representation not only allows visualization of complex data that cannot otherwise be visualized in its original form, but also allows enhanced anomaly detection in the transformed feature space. We demonstrate the application of the RBA framework in analyzing system call traces and show how the transformation results in improved intrusion detection performance over state-of-the-art data mining based intrusion detection methods developed for system call traces.

Original language: English (US)
Title of host publication: 6th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publication: Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW10
State: Published - Nov 22 2010
Event: 6th Annual Cyber Security and Information Intelligence Research Workshop: Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW10 - Oak Ridge, TN, United States
Duration: Apr 21 2010 to Apr 23 2010

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 6th Annual Cyber Security and Information Intelligence Research Workshop: Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW10
Country: United States
City: Oak Ridge, TN
Period: 4/21/10 to 4/23/10

Keywords

  • anomaly detection
  • intrusion detection
  • reference based analysis
