Process profiling using frequencies of system calls


Author(s): Poulose Jacob, K; Surekha, Mariam Varghese
Date(s)

11/06/2014

11/06/2014

10/04/2007

Abstract

In this paper we discuss our research in developing a general and systematic method for anomaly detection. The key ideas are to represent normal program behaviour using system call frequencies and to incorporate probabilistic techniques for classification to detect anomalies and intrusions. Using experiments on the sendmail system call data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview of the approach that we have implemented.

Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on

Cochin University of Science and Technology

Identifier

http://dyuthi.cusat.ac.in/purl/3864

Language(s)

en

Publisher

IEEE

Keywords #anomaly detection #system call frequencies #incorporate probabilistic techniques #sendmail system call data

Type

Article