
Intrusion Detection Using Bayesian Classifier for Arbitrarily Long System Call Sequences

Journal: IADIS INTERNATIONAL JOURNAL ON COMPUTER SCIENCE AND INFORMATION SYSTEMS (Vol.9, No. 1)

Publication Date:

Authors : ; ; ;

Page : 71-81

Keywords : Intrusion detection; System call sequence; Naive Bayes classifier; Markov model; M-estimate;


Abstract

In this paper, we present a sequence classifier for detecting host intrusions from long process system call sequences. The proposed classifier (called SC2.2) is a naive Bayes classifier that builds class conditional probabilities from Markov modeling of system call sequences. We describe the proposed classifier and then provide experimental results on the widely used University of New Mexico system call trace data sets. The results of our proposed classifier are benchmarked against leading classifiers, namely naive Bayes multinomial, C4.5 decision tree, RIPPER, support vector machine, and logistic regression. A key feature of the proposed classifier is its ability to efficiently handle arbitrarily long sequences, and zero transition probabilities in the modeled Markov chain, by using a "test, backtrack, scale and remultiply" technique together with the m-estimate of conditional probabilities. Furthermore, it capitalizes on the IEEE standard for floating-point arithmetic error specification to return a classification confidence. Results show that the proposed classifier yields better performance than the standard classifiers on most of the data sets used.
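As an added illustration of the ingredients the abstract names, and not the paper's SC2.2 implementation: a naive Bayes decision whose class-conditional likelihoods come from a first-order Markov chain over system calls, m-estimate smoothing so unseen transitions never get zero probability, and rescaling of the running product so a sequence of thousands of calls does not underflow. The toy traces, the uniform m-estimate prior and the rescaling constants are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed toy training traces (one list of system calls per process), labelled by class.
TRAIN = {
    "normal": [["open", "read", "read", "close"], ["open", "read", "write", "close"],
               ["open", "read", "read", "write", "close"]],
    "attack": [["open", "execve", "setuid", "write"], ["execve", "setuid", "open", "write"]],
}

class MarkovClass:
    """First-order Markov chain over system calls for one class, smoothed with the m-estimate."""
    def __init__(self, seqs, alphabet, m=1.0):
        self.m, self.p = m, 1.0 / len(alphabet)   # assumed uniform prior p for the m-estimate
        self.start, self.n_start = Counter(s[0] for s in seqs), len(seqs)
        self.trans, self.out = defaultdict(Counter), Counter()
        for s in seqs:
            for a, b in zip(s, s[1:]):
                self.trans[a][b] += 1
                self.out[a] += 1

    # m-estimate (n + m*p) / (N + m): never zero, even for a call or transition unseen in training
    def p_start(self, c):
        return (self.start[c] + self.m * self.p) / (self.n_start + self.m)
    def p_trans(self, a, b):
        return (self.trans[a][b] + self.m * self.p) / (self.out[a] + self.m)

    def likelihood(self, seq, floor=1e-100, scale=1e100):
        """P(seq | class) as (mantissa, exponent10): the running product is rescaled whenever it
        drops below `floor`, so thousands of calls do not underflow to 0.0 as a plain product would."""
        prod, exp10 = self.p_start(seq[0]), 0
        for a, b in zip(seq, seq[1:]):
            prod *= self.p_trans(a, b)
            if prod < floor:
                prod, exp10 = prod * scale, exp10 - 100
        return prod, exp10

def build_models(train, m=1.0):
    alphabet = {c for seqs in train.values() for s in seqs for c in s}
    total = sum(len(seqs) for seqs in train.values())
    models = {k: MarkovClass(seqs, alphabet, m) for k, seqs in train.items()}
    return models, {k: len(seqs) / total for k, seqs in train.items()}

def classify(models, priors, seq):
    """Naive Bayes decision: argmax over classes of log10 P(class) + log10 P(seq | class)."""
    scores = {}
    for name, mdl in models.items():
        mant, exp10 = mdl.likelihood(seq)
        scores[name] = math.log10(priors[name]) + math.log10(mant) + exp10
    return max(scores, key=scores.get), scores
```

With the toy data, the 5000-call normal trace has a likelihood near 10^-2212, far below the smallest double, which is why the exponent is tracked separately instead of taking a plain product.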

Last modified: 2016-02-20 00:52:05