A Novel Similar Temporal System Call Pattern Mining for Efficient Intrusion Detection

Software security pattern mining is a recent research interest among researchers working in the areas of security and data mining. When an application runs, several associated processes and system calls are invoked in the background. In this paper, the major objective is to identify intrusions using temporal pattern mining. The idea is to find normal temporal system call patterns and use them to identify abnormal temporal system call patterns. For finding normal system call patterns, we use the concept of temporal association patterns. A reference sequence is used to obtain the temporal association system call patterns that satisfy a specified dissimilarity threshold. To find similar (normal) temporal system call patterns, we apply our novel method, which performs only a single database scan, avoiding the unnecessary overhead incurred when multiple scans are performed and thus achieving space and time efficiency. The importance of the approach stems from the fact that this is the first single-database-scan approach in the literature. To decide whether a given process is normal or abnormal, it is sufficient to verify whether there exists a temporal system call pattern that is not similar to the reference system call support sequence for the specified threshold. This eliminates the need to derive decision rules by constructing a decision table. The approach is efficient because it eliminates the need for finding decision rules (2^n is usually very large even for small values of n) and thus achieves dimensionality reduction, as we consider only similar temporal system call sequences when deciding on intrusion.
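As an added illustration, not code from the paper, the following Python sketch shows the single-scan idea on a constructed trace: one pass over time-slotted system call windows builds a support sequence per pattern, each sequence is compared against a reference support sequence, and the process is flagged abnormal as soon as one pattern fails the similarity threshold. The trace, the reference sequence, the threshold and the scaled Euclidean dissimilarity are assumptions; the paper's own dissimilarity measure may differ.

```python
from itertools import combinations
from math import sqrt

# Constructed trace (not from the paper): each entry is (time_slot, set of system
# calls observed in one short window of the monitored process). Slot 2 contains
# a network burst that the reference profile does not expect.
TRACE = [
    (0, {"open", "read"}), (0, {"open", "read", "close"}),
    (0, {"read", "write"}), (0, {"open", "close"}),
    (1, {"open", "read"}), (1, {"read", "close"}),
    (1, {"open", "read", "close"}), (1, {"write"}),
    (2, {"open", "read"}), (2, {"open", "read"}),
    (2, {"read", "close"}), (2, {"socket", "connect"}),
]
REFERENCE = [0.5, 0.5, 0.5]   # assumed reference support sequence, one value per slot
THRESHOLD = 0.3               # assumed dissimilarity threshold


def mine_support_sequences(trace, n_slots, max_len=2):
    """Single pass over the trace: count every sub-pattern (up to max_len calls)
    of each window per time slot, then normalise to a support sequence."""
    counts, per_slot = {}, [0] * n_slots
    for slot, calls in trace:                      # the one and only database scan
        per_slot[slot] += 1
        for k in range(1, max_len + 1):
            for pattern in combinations(sorted(calls), k):
                counts.setdefault(pattern, [0] * n_slots)[slot] += 1
    return {p: [c / per_slot[i] if per_slot[i] else 0.0 for i, c in enumerate(v)]
            for p, v in counts.items()}


def dissimilarity(seq, reference):
    """Euclidean distance scaled into [0, 1] (assumed measure)."""
    return sqrt(sum((a - b) ** 2 for a, b in zip(seq, reference)) / len(reference))


def split_patterns(support_seqs, reference, threshold):
    """Normal profile = patterns similar to the reference; the rest are the
    patterns whose presence marks the process abnormal."""
    similar, dissimilar = {}, {}
    for p, seq in support_seqs.items():
        d = dissimilarity(seq, reference)
        (similar if d <= threshold else dissimilar)[p] = round(d, 4)
    return similar, dissimilar


def is_abnormal(trace, n_slots, reference, threshold):
    """Abnormal iff at least one mined pattern is not similar to the reference."""
    _, dissimilar = split_patterns(mine_support_sequences(trace, n_slots), reference, threshold)
    return bool(dissimilar), dissimilar
```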
