Process Monitoring on Sequences of System Call Count Vectors
- Source :
- ICCST
- Publication Year :
- 2017
Abstract
- We introduce a methodology for efficient monitoring of processes running on hosts in a corporate network. The methodology is based on collecting streams of system calls produced by all or selected processes on the hosts, and sending them over the network to a monitoring server, where machine learning algorithms are used to identify changes in process behavior due to malicious activity, hardware failures, or software errors. The methodology uses a sequence of system call count vectors as the data format, which can handle large and varying volumes of data. Unlike previous approaches, the methodology introduced in this paper is suitable for distributed collection and processing of data in large corporate networks. We evaluate the methodology in a laboratory setting on a real-life setup and provide statistics characterizing the performance and accuracy of the methodology.
- 5 pages, 4 figures, ICCST 2017
- Subjects :
- FOS: Computer and information sciences
- Computer Science - Cryptography and Security
- Computer science
- Reliability (computer networking)
- Feature extraction
- 0211 other engineering and technologies
- Machine Learning (stat.ML)
- 02 engineering and technology
- computer.software_genre
- Machine Learning (cs.LG)
- Software
- System call
- Statistics - Machine Learning
- Server
- 0202 electrical engineering, electronic engineering, information engineering
- 021110 strategic, defence & security studies
- business.industry
- Process (computing)
- Work in process
- Computer Science - Learning
- 020201 artificial intelligence & image processing
- Anomaly detection
- Data mining
- business
- computer
- Cryptography and Security (cs.CR)
Details
- Language :
- English
- Database :
- OpenAIRE
- Journal :
- ICCST
- Accession number :
- edsair.doi.dedup.....5f9da4c5c8ca485c69e94022027a359b