Modeling System Calls for Intrusion Detection With Dynamic Window Sizes
Source: North Carolina State University
This paper extends prior research on system call anomaly detection modeling methods for intrusion detection by incorporating dynamic window sizes. The window size is the length of the subsequence of a system call trace that is used as the basic unit for modeling program or process behavior. With dynamic window sizes, the paper shows marked improvements in anomaly detection. It presents two methods for estimating the optimal window size based on the available training data.