Behavioral Distance for Intrusion Detection


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2006

AUTHORS

Debin Gao , Michael K. Reiter , Dawn Song

ABSTRACT

We introduce a notion, behavioral distance, for evaluating the extent to which processes—potentially running different programs and executing on different platforms—behave similarly in response to a common input. We explore behavioral distance as a means to detect an attack on one process that causes its behavior to deviate from that of another. We propose a measure of behavioral distance and a realization of this measure using the system calls emitted by processes. Through an empirical evaluation of this measure using three web servers on two different platforms (Linux and Windows), we demonstrate that this approach holds promise for better intrusion detection with moderate overhead.

PAGES

63-81

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/11663812_4

DOI

http://dx.doi.org/10.1007/11663812_4

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1051888941



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Electrical & Computer Engineering Department, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Electrical & Computer Engineering Department, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Gao", 
        "givenName": "Debin", 
        "id": "sg:person.013015522271.54", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013015522271.54"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Reiter", 
        "givenName": "Michael K.", 
        "id": "sg:person.01265200500.82", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01265200500.82"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Song", 
        "givenName": "Dawn", 
        "id": "sg:person.01143152610.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2006", 
    "datePublishedReg": "2006-01-01", 
    "description": "We introduce a notion, behavioral distance, for evaluating the extent to which processes\u2014potentially running different programs and executing on different platforms\u2014behave similarly in response to a common input. We explore behavioral distance as a means to detect an attack on one process that causes its behavior to deviate from that of another. We propose a measure of behavioral distance and a realization of this measure using the system calls emitted by processes. Through an empirical evaluation of this measure using three web servers on two different platforms (Linux and Windows), we demonstrate that this approach holds promise for better intrusion detection with moderate overhead.", 
    "editor": [
      {
        "familyName": "Valdes", 
        "givenName": "Alfonso", 
        "type": "Person"
      }, 
      {
        "familyName": "Zamboni", 
        "givenName": "Diego", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/11663812_4", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-31778-4", 
        "978-3-540-31779-1"
      ], 
      "name": "Recent Advances in Intrusion Detection", 
      "type": "Book"
    }, 
    "keywords": [
      "intrusion detection", 
      "better intrusion detection", 
      "behavioral distance", 
      "system calls", 
      "web server", 
      "moderate overhead", 
      "different platforms", 
      "empirical evaluation", 
      "server", 
      "overhead", 
      "different programs", 
      "common input", 
      "attacks", 
      "platform", 
      "detection", 
      "input", 
      "distance", 
      "process", 
      "measures", 
      "realization", 
      "calls", 
      "notion", 
      "response", 
      "evaluation", 
      "program", 
      "means", 
      "promise", 
      "extent", 
      "behavior", 
      "approach"
    ], 
    "name": "Behavioral Distance for Intrusion Detection", 
    "pagination": "63-81", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1051888941"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/11663812_4"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/11663812_4", 
      "https://app.dimensions.ai/details/publication/pub.1051888941"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-10T10:55", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_64.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/11663812_4"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/11663812_4'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/11663812_4'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/11663812_4'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/11663812_4'


 

This table displays all metadata directly associated to this object as RDF triples.

111 TRIPLES      23 PREDICATES      56 URIs      49 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/11663812_4 schema:about anzsrc-for:08
2 anzsrc-for:0806
3 schema:author N462e4d5e2e8a4c748f9b5c18b7d4b863
4 schema:datePublished 2006
5 schema:datePublishedReg 2006-01-01
6 schema:description We introduce a notion, behavioral distance, for evaluating the extent to which processes—potentially running different programs and executing on different platforms—behave similarly in response to a common input. We explore behavioral distance as a means to detect an attack on one process that causes its behavior to deviate from that of another. We propose a measure of behavioral distance and a realization of this measure using the system calls emitted by processes. Through an empirical evaluation of this measure using three web servers on two different platforms (Linux and Windows), we demonstrate that this approach holds promise for better intrusion detection with moderate overhead.
7 schema:editor Nf1192d6ebca04af3b5b313f5e83fbfcd
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf Ncc8fac4d3957469ea9fd74c56b5407ea
12 schema:keywords approach
13 attacks
14 behavior
15 behavioral distance
16 better intrusion detection
17 calls
18 common input
19 detection
20 different platforms
21 different programs
22 distance
23 empirical evaluation
24 evaluation
25 extent
26 input
27 intrusion detection
28 means
29 measures
30 moderate overhead
31 notion
32 overhead
33 platform
34 process
35 program
36 promise
37 realization
38 response
39 server
40 system calls
41 web server
42 schema:name Behavioral Distance for Intrusion Detection
43 schema:pagination 63-81
44 schema:productId N34b9b8543f024d2a8d1056e38b7eff8e
45 N7399776150834d5e9c5974c8aa86e40d
46 schema:publisher N23993eae3ecf4b85b9ee5a1915b7698a
47 schema:sameAs https://app.dimensions.ai/details/publication/pub.1051888941
48 https://doi.org/10.1007/11663812_4
49 schema:sdDatePublished 2022-05-10T10:55
50 schema:sdLicense https://scigraph.springernature.com/explorer/license/
51 schema:sdPublisher N81d92f95c11c4a47af779d25f35bf9ed
52 schema:url https://doi.org/10.1007/11663812_4
53 sgo:license sg:explorer/license/
54 sgo:sdDataset chapters
55 rdf:type schema:Chapter
56 N0ea153ea4ae74b08b8b2bf41621870c3 rdf:first sg:person.01265200500.82
57 rdf:rest Nc8753ceedc594ec29162e99fec803963
58 N23993eae3ecf4b85b9ee5a1915b7698a schema:name Springer Nature
59 rdf:type schema:Organisation
60 N34b9b8543f024d2a8d1056e38b7eff8e schema:name dimensions_id
61 schema:value pub.1051888941
62 rdf:type schema:PropertyValue
63 N462e4d5e2e8a4c748f9b5c18b7d4b863 rdf:first sg:person.013015522271.54
64 rdf:rest N0ea153ea4ae74b08b8b2bf41621870c3
65 N7399776150834d5e9c5974c8aa86e40d schema:name doi
66 schema:value 10.1007/11663812_4
67 rdf:type schema:PropertyValue
68 N81d92f95c11c4a47af779d25f35bf9ed schema:name Springer Nature - SN SciGraph project
69 rdf:type schema:Organization
70 N96d30baea82d4d8fbff88a6978bedb93 schema:familyName Zamboni
71 schema:givenName Diego
72 rdf:type schema:Person
73 Na9251929e603419ca33c843bf08432d5 schema:familyName Valdes
74 schema:givenName Alfonso
75 rdf:type schema:Person
76 Nc8753ceedc594ec29162e99fec803963 rdf:first sg:person.01143152610.86
77 rdf:rest rdf:nil
78 Nca03c4e1ae7c4cb08c893db34de91b88 rdf:first N96d30baea82d4d8fbff88a6978bedb93
79 rdf:rest rdf:nil
80 Ncc8fac4d3957469ea9fd74c56b5407ea schema:isbn 978-3-540-31778-4
81 978-3-540-31779-1
82 schema:name Recent Advances in Intrusion Detection
83 rdf:type schema:Book
84 Nf1192d6ebca04af3b5b313f5e83fbfcd rdf:first Na9251929e603419ca33c843bf08432d5
85 rdf:rest Nca03c4e1ae7c4cb08c893db34de91b88
86 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
87 schema:name Information and Computing Sciences
88 rdf:type schema:DefinedTerm
89 anzsrc-for:0806 schema:inDefinedTermSet anzsrc-for:
90 schema:name Information Systems
91 rdf:type schema:DefinedTerm
92 sg:person.01143152610.86 schema:affiliation grid-institutes:grid.147455.6
93 schema:familyName Song
94 schema:givenName Dawn
95 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86
96 rdf:type schema:Person
97 sg:person.01265200500.82 schema:affiliation grid-institutes:grid.147455.6
98 schema:familyName Reiter
99 schema:givenName Michael K.
100 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01265200500.82
101 rdf:type schema:Person
102 sg:person.013015522271.54 schema:affiliation grid-institutes:grid.147455.6
103 schema:familyName Gao
104 schema:givenName Debin
105 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013015522271.54
106 rdf:type schema:Person
107 grid-institutes:grid.147455.6 schema:alternateName Electrical & Computer Engineering Department, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA
108 Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA
109 schema:name Electrical & Computer Engineering Department, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA
110 Electrical & Computer Engineering Department, Computer Science Department, and CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA
111 rdf:type schema:Organization
 



