Profiling Program Behavior with X2 distance-based Multivariate Analysis for Intrusion Detection


KIPS Transactions on Computer and Communication Systems, Vol. 10, No. 4, pp. 397-404, Aug. 2003
10.3745/KIPSTC.2003.10.4.397,   PDF Download:

Abstract

Intrusion detection techniques based on program behavior can detect potential intrusions against systems by analyzing system calls made by demon programs or root-privileged programs and building program profiles. But there is a drawback : large profiles must be built for each program. In this paper, we X^2 apply distance-based multivariate analysis to profiling program behavior and detecting abnormal behavior in order to reduce profiles. Experiment results show that profiles are relatively small and the detection rate is significant.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
K. J. Il, K. Y. Min, S. J. Hyeon and N. B. Nam, "Profiling Program Behavior with X2 distance-based Multivariate Analysis for Intrusion Detection," KIPS Journal C (2001 ~ 2012) , vol. 10, no. 4, pp. 397-404, 2003. DOI: 10.3745/KIPSTC.2003.10.4.397.

[ACM Style]
Kim Jeong Il, Kim Yong Min, Seo Jae Hyeon, and No Bong Nam. 2003. Profiling Program Behavior with X2 distance-based Multivariate Analysis for Intrusion Detection. KIPS Journal C (2001 ~ 2012) , 10, 4, (2003), 397-404. DOI: 10.3745/KIPSTC.2003.10.4.397.