Automated Approach to Intrusion Detection in VM-based Dynamic Execution Environment

Authors

  • Feng Zhao School of Computer Science and Technology
  • Hai Jin School of Computer Science and Technology

Keywords:

Intrusion detection, virtual machine, hidden Markov model (HMM), sequential data mining, dynamic graph

Abstract

Because virtual computing platforms are dynamically changing, it is difficult to build high-quality intrusion detection system. In this paper, we present an automated approach to intrusions detection in order to maintain sufficient performance and reduce dependence on execution environment. We discuss a hidden Markov model strategy for abnormality detection using frequent system call sequences, letting us identify attacks and intrusions automatically and efficiently. We also propose an automated mining algorithm, named AGAS, to generate frequent system call sequences. In our approach, the detection performance is adaptively tuned according to the execution state every period. To improve performance, the period value is also under self-adjustment.

Downloads

Download data is not yet available.

Downloads

Published

2012-07-18

How to Cite

Zhao, F., & Jin, H. (2012). Automated Approach to Intrusion Detection in VM-based Dynamic Execution Environment. COMPUTING AND INFORMATICS, 31(2), 271–297. Retrieved from https://www.cai.sk/ojs/index.php/cai/article/view/941

Issue

Vol. 31 No. 2 (2012): Computing and Informatics

Section

Articles