Suppose to toss an independent coin with equal probability of success and failure for each subset of [n] = {1, 2, ..., n}, and form the random hypergraph H(n) by taking as hyperedges the subsets with successful coin t...Suppose to toss an independent coin with equal probability of success and failure for each subset of [n] = {1, 2, ..., n}, and form the random hypergraph H(n) by taking as hyperedges the subsets with successful coin tosses. It is proved that H(n) is almost surely connected. By defining a graph G(S) according to a subset system S, it is shown that the intersecting problem is NP-complete.展开更多
This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in...This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historic data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm profile supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The testing results showed that the model can clearly identify the anomaly activities and has a better performance than hidden Markov model.展开更多
Library function call sequence is the direct reflection of a program's behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is pr...Library function call sequence is the direct reflection of a program's behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.展开更多
文摘Suppose to toss an independent coin with equal probability of success and failure for each subset of [n] = {1, 2, ..., n}, and form the random hypergraph H(n) by taking as hyperedges the subsets with successful coin tosses. It is proved that H(n) is almost surely connected. By defining a graph G(S) according to a subset system S, it is shown that the intersecting problem is NP-complete.
基金Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
文摘This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historic data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm profile supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The testing results showed that the model can clearly identify the anomaly activities and has a better performance than hidden Markov model.
基金Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
文摘Library function call sequence is the direct reflection of a program's behavior. The relationship between program vulnerability and library calls is analyzed, and an intrusion detection method via library calls is proposed, in which the short sequences of library call are used as signature profile. In this intrusion detection method, library interposition is used to hook library calls, and with the discussion of the features of the library call sequence in detail, an algorithm based on information-theory is applied to determine the appropriate length of the library call sequence. Experiments show good performance of our method against intrusions caused by the popular program vulnerabilities.
