Behavioral Distance Measurement Using Hidden Markov Models


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2006

AUTHORS

Debin Gao, Michael K. Reiter, Dawn Song

ABSTRACT

The behavioral distance between two processes is a measure of the deviation of their behaviors. Behavioral distance has been proposed for detecting the compromise of a process, by computing its behavioral distance from another process executed on the same input. Provided that the two processes are diverse and so unlikely to fall prey to the same attacks, an increase in behavioral distance might indicate the compromise of one of them. In this paper we propose a new approach to behavioral distance calculation using a new type of Hidden Markov Model. We also empirically evaluate the intrusion detection capability of our proposal when used to measure the distance between the system-call behaviors of diverse web servers. Our experiments show that it detects intrusions with substantially greater accuracy and with performance overhead comparable to that of prior proposals.

PAGES

19-40

Book

TITLE

Recent Advances in Intrusion Detection

ISBN

978-3-540-39723-6
978-3-540-39725-0

Author Affiliations

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/11856214_2

DOI

http://dx.doi.org/10.1007/11856214_2

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1047441892



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Gao", 
        "givenName": "Debin", 
        "id": "sg:person.013015522271.54", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013015522271.54"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Reiter", 
        "givenName": "Michael K.", 
        "id": "sg:person.01265200500.82", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01265200500.82"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Song", 
        "givenName": "Dawn", 
        "id": "sg:person.01143152610.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2006", 
    "datePublishedReg": "2006-01-01", 
    "description": "The behavioral distance between two processes is a measure of the deviation of their behaviors. Behavioral distance has been proposed for detecting the compromise of a process, by computing its behavioral distance from another process executed on the same input. Provided that the two processes are diverse and so unlikely to fall prey to the same attacks, an increase in behavioral distance might indicate the compromise of one of them. In this paper we propose a new approach to behavioral distance calculation using a new type of Hidden Markov Model. We also empirically evaluate the intrusion detection capability of our proposal when used to measure the distance between the system-call behaviors of diverse web servers. Our experiments show that it detects intrusions with substantially greater accuracy and with performance overhead comparable to that of prior proposals.", 
    "editor": [
      {
        "familyName": "Zamboni", 
        "givenName": "Diego", 
        "type": "Person"
      }, 
      {
        "familyName": "Kruegel", 
        "givenName": "Christopher", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/11856214_2", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-39723-6", 
        "978-3-540-39725-0"
      ], 
      "name": "Recent Advances in Intrusion Detection", 
      "type": "Book"
    }, 
    "keywords": [
      "Hidden Markov Model", 
      "intrusion detection capability", 
      "system call behavior", 
      "behavioral distance measurement", 
      "behavioral distance", 
      "Markov model", 
      "web server", 
      "same attack", 
      "distance calculation", 
      "prior proposals", 
      "same input", 
      "detection capability", 
      "new approach", 
      "distance measurements", 
      "server", 
      "proposal", 
      "greater accuracy", 
      "attacks", 
      "capability", 
      "accuracy", 
      "new type", 
      "process", 
      "compromise", 
      "input", 
      "model", 
      "performance", 
      "distance", 
      "experiments", 
      "intrusion", 
      "behavior", 
      "measures", 
      "types", 
      "deviation", 
      "calculations", 
      "measurements", 
      "increase", 
      "prey", 
      "paper", 
      "approach"
    ], 
    "name": "Behavioral Distance Measurement Using Hidden Markov Models", 
    "pagination": "19-40", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1047441892"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/11856214_2"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/11856214_2", 
      "https://app.dimensions.ai/details/publication/pub.1047441892"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-10T10:37", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_119.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/11856214_2"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/11856214_2'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/11856214_2'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/11856214_2'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/11856214_2'


 

This table displays all metadata directly associated to this object as RDF triples.

118 TRIPLES      23 PREDICATES      65 URIs      58 LITERALS      7 BLANK NODES

 



