Sequencegram: n-Gram Modeling of System Calls for Program Based Anomaly Detection
Intrusion Detection Systems (IDS) are an integral part of modern-day security. IDS are of two types: signature based and anomaly based. The former detects only known attacks, while the latter can detect both known and new attacks. It is this ability of anomaly-based techniques that has attracted considerable research interest. Anomaly detection techniques model normal behavior and detect intrusions as deviations from this model. Modeling data can be derived from either the network or the host. At the network level this can be packet header modeling and payload modeling; similarly, at the host level it is system call modeling.
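As an added illustration of host-level system call modeling (not code from the paper, whose own algorithm is not shown on this page), the sketch below builds a normal profile from sliding-window n-grams of system calls and scores a new trace by the fraction of n-grams never seen in training. The traces, the window size `N` and the `THRESHOLD` value are constructed assumptions.

```python
from collections import Counter

def ngrams(trace, n):
    """Return every contiguous window of n system call names in the trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_profile(normal_traces, n):
    """Normal-behavior model: counts of each n-gram seen in benign traces."""
    profile = Counter()
    for trace in normal_traces:
        profile.update(ngrams(trace, n))
    return profile

def unseen_ngrams(trace, profile, n):
    """(position, n-gram) pairs absent from the profile, for analyst triage."""
    return [(i, g) for i, g in enumerate(ngrams(trace, n)) if g not in profile]

def anomaly_score(trace, profile, n):
    """Fraction of the trace's n-grams that deviate from the model (0.0-1.0)."""
    total = len(ngrams(trace, n))
    if total == 0:  # trace shorter than the window: nothing to compare
        return 0.0
    return len(unseen_ngrams(trace, profile, n)) / total

def is_anomalous(trace, profile, n, threshold):
    """Flag the trace when the share of unseen n-grams exceeds the threshold."""
    return anomaly_score(trace, profile, n) > threshold

# Constructed sample data (assumption): syscall traces of one program.
N = 3
THRESHOLD = 0.2
NORMAL_TRACES = [
    ["open", "read", "read", "close", "open", "read", "close"],
    ["open", "read", "write", "close", "open", "read", "read", "close"],
]
BENIGN_TEST = ["open", "read", "read", "close", "open", "read", "write", "close"]
SUSPECT_TEST = ["open", "read", "read", "close", "execve", "socket", "connect", "close"]

PROFILE = build_profile(NORMAL_TRACES, N)

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TEST), ("suspect", SUSPECT_TEST)):
        score = anomaly_score(trace, PROFILE, N)
        print(name, round(score, 3), is_anomalous(trace, PROFILE, N, THRESHOLD))
        for pos, gram in unseen_ngrams(trace, PROFILE, N):
            print("  unseen at", pos, gram)
```

The benign trace is accepted even though that exact sequence was never observed in training, because every 3-call window in it was; the suspect trace is flagged from the first window that contains a transition absent from the profile.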