Abstract
The characterization of process behavior is usually considered when performing intrusion detection. Several works characterize specific aspects of systems and attempt to detect novelties in that context, associating observed anomalies with attack events. Such an approach is limited or even useless when the observed context is unstructured, i.e. when the monitor generates text-based log files or a variable number of application attributes. In order to overcome this drawback, this paper considers the use of single-pass clustering techniques to quantize unstructured data and generate time series, using algorithms with low computational complexity that are applicable in a real-world scenario. Afterward, novelty detection techniques are employed on such series to distinguish behavior anomalies, which are associated with intrusions. We evaluated the approach using a system characterization dataset and confirmed that it aggregates context information to represent the behavior of applications as time series, on which novelty detection can be successfully performed.
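As an added illustration of the pipeline the abstract sketches (unstructured log lines, single-pass clustering, a time series of cluster counts, then novelty detection), the following Python is not the paper's own code or algorithm: it assumes leader-style single-pass clustering over digit-masked tokens with Jaccard similarity, fixed-size windows to build the series, and a total-variation novelty score, with every name, threshold and sample log line constructed for the example.

```python
from collections import Counter
def tokens(line):
    # Bag of tokens with digits masked, so lines differing only in pid/port/IP cluster together.
    return frozenset(''.join('0' if c.isdigit() else c for c in line.lower()).split())

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 1.0

class LeaderClusterer:
    # Single-pass (leader) clustering: a line joins the first cluster whose leader
    # is at least `threshold` similar, else it founds a new one; no line is revisited.
    def __init__(self, threshold=0.5):
        self.threshold, self.leaders = threshold, []
    def assign(self, line):
        t = tokens(line)
        for i, leader in enumerate(self.leaders):
            if jaccard(t, leader) >= self.threshold:
                return i
        self.leaders.append(t)
        return len(self.leaders) - 1

def quantize(clusterer, lines, window):
    # Map each line to its cluster id and count ids per window: the time series.
    ids = [clusterer.assign(line) for line in lines]
    return [Counter(ids[i:i + window]) for i in range(0, len(ids), window)]

def novelty_scores(series):
    # Total-variation distance between each window's cluster histogram and the
    # histogram of all earlier windows: 0 = nothing new, 1 = only unseen clusters.
    seen, scores = Counter(), []
    for w in series:
        n_seen, n_w = sum(seen.values()), sum(w.values())
        scores.append(0.0 if n_seen == 0 else 0.5 * sum(
            abs(seen[k] / n_seen - w[k] / n_w) for k in set(seen) | set(w)))
        seen.update(w)
    return scores

# Constructed sample log: three windows of routine activity, then a window of
# repeated failed logins that falls into a cluster never seen before.
NORMAL = [
    "sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022",
    "CRON[1202]: pam_unix(cron:session): session opened for user root",
    "sshd[1203]: Accepted publickey for bob from 10.0.0.7 port 51030",
    "CRON[1204]: pam_unix(cron:session): session closed for user root",
]
ANOMALOUS = ["sshd[1305]: Failed password for invalid user admin from 192.0.2.9 port 4000"] * 4

def demo(window=4):
    series = quantize(LeaderClusterer(threshold=0.5), NORMAL * 3 + ANOMALOUS, window)
    return series, novelty_scores(series)  # scores -> [0.0, 0.0, 0.0, 1.0]
```

The last window scores 1.0 because its only cluster was never observed in the preceding windows; a drift in the proportions of already-known clusters would give an intermediate score instead.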