A Reference Based Analysis Framework for Analyzing System Call Traces
- ORNL
- University of Minnesota
Reference based analysis (RBA) is a novel data mining tool for exploring a test data set with respect to a reference data set. The power of RBA lies in its ability to transform any complex data type, such as symbolic sequences and multivariate categorical data instances, into a multivariate continuous representation. The transformed representation not only allows visualization of the complex data, which cannot otherwise be visualized in its original form, but also allows enhanced anomaly detection in the transformed feature space. We demonstrate the application of the RBA framework in analyzing system call traces and show how the transformation results in improved intrusion detection performance over state-of-the-art data-mining-based intrusion detection methods developed for system call traces.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1027398
- Resource Relation:
- Conference: 6th Annual Cyber Security and Information Intelligence Research Workshop, April 21 - 23, 2010, Oak Ridge, TN, USA, 20100421
- Country of Publication:
- United States
- Language:
- English