Improved Edit Distance Method for System Call Anomaly Detection

2012 ◽  
Author(s):  
Qian Quan ◽  
Wu Jinlin ◽  
Zhu Wei ◽  
Xin Mingjun
Keyword(s):  
Anomaly Detection ◽  
Edit Distance ◽  
System Call ◽  
Distance Method

Suffix array for multi-pattern matching with variable length wildcards

2021 ◽  
Vol 25 (2) ◽  
pp. 283-303
Author(s):  
Na Liu ◽  
Fei Xie ◽  
Xindong Wu
Keyword(s):  
Dynamic Programming ◽  
Data Structure ◽  
Pattern Matching ◽  
Edit Distance ◽  
State Of The Art ◽  
Suffix Array ◽  
Variable Length ◽  
Distance Method ◽  
Efficient Data ◽  
Comparison Algorithms

Approximate multi-pattern matching is an important issue that is widely and frequently utilized, when the pattern contains variable-length wildcards. In this paper, two suffix array-based algorithms have been proposed to solve this problem. Suffix array is an efficient data structure for exact string matching in existing studies, as well as for approximate pattern matching and multi-pattern matching. An algorithm called MMSA-S is for the short exact characters in a pattern by dynamic programming, while another algorithm called MMSA-L deals with the long exact characters by the edit distance method. Experimental results of Pizza & Chili corpus demonstrate that these two newly proposed algorithms, in most cases, are more time-efficient than the state-of-the-art comparison algorithms.

scholarly journals An Edge-Based Approach for Virtual Network Embedding Based on the Graph Edit Distance

2021 ◽  
Author(s):  
Ze Xi Xu ◽  
Lei Zhuang ◽  
Meng Yang He ◽  
Si Jin Yang ◽  
Yu Song ◽  
...  
Keyword(s):  
Edit Distance ◽  
Virtual Network ◽  
Cost Ratio ◽  
Virtual Network Embedding ◽  
Network Embedding ◽  
Graph Edit Distance ◽  
Network Resources ◽  
Network Resource ◽  
Distance Method ◽  
Edge Based

Abstract Virtualization and resource isolation techniques have enabled the efficient sharing of networked resources. How to control network resource allocation accurately and flexibly has gradually become a research hotspot due to the growth in user demands. Therefore, this paper presents a new edge-based virtual network embedding approach to studying this problem that employs a graph edit distance method to accurately control resource usage. In particular, to manage network resources efficiently, we restrict the use conditions of network resources and restrict the structure based on common substructure isomorphism and an improved spider monkey optimization algorithm is employed to prune redundant information from the substrate network. Experimental results showed that the proposed method achieves better performance than existing algorithms in terms of resource management capacity, including energy savings and the revenue-cost ratio.

scholarly journals A Host-Based Anomaly Detection Framework Using XGBoost and LSTM for IoT Devices

2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Xiali Wang ◽  
Xiang Lu
Keyword(s):  
Anomaly Detection ◽  
Detection System ◽  
Gradient Boosting ◽  
System Call ◽  
Iot Security ◽  
Extreme Gradient Boosting ◽  
Ip Camera ◽  
Iot Devices ◽  
System Call Sequences ◽  
Abnormal Behaviors

The Internet of Things (IoT) is rapidly spreading in various application scenarios through its salient features in ubiquitous device connections, ranging from agriculture and industry to transportation and other fields. As the increasing spread of IoT applications, IoT security is gradually becoming one of the most significant issues to guard IoT devices against various cybersecurity threats. Usually, IoT devices are the main components responsible for sensing, computing, and transmitting; in this case, how to efficiently protect the IoT device itself away from cyber attacks, like malware, virus, and worm, becomes the vital point in IoT security. This paper presents a brand new architecture of intrusion detection system (IDS) for IoT devices, which is designed to identify device- or host-oriented attacks in a lightweight manner in consideration of limited computation resources on IoT devices. To this end, in this paper, we propose a stacking model to couple the Extreme Gradient Boosting (XGBoost) model and the Long Short-Term Memory (LSTM) model together for the abnormal state analysis on the IoT devices. More specifically, we adopt the system call sequence as the indicators of abnormal behaviors. The collected system call sequences are firstly processed by the famous n-gram model, which is a common method used for host-based intrusion detections. Then, the proposed stacking model is used to identify abnormal behaviors hidden in the system call sequences. To evaluate the performance of the proposed model, we establish a real-setting IP camera system and place several typical IoT attacks on the victim IP camera. Extensive experimental evaluations show that the stacking model has outperformed other existing anomaly detection solutions, and we are able to achieve a 0.983 AUC score in real-world data. Numerical testing demonstrates that the XGBoost-LSTM stacking model has excellent performance, stability, and the ability of generalization.

scholarly journals Enhanced Levenshtein Edit Distance Method functioning as a String-to-String Similarity Measure

2016 ◽  
Vol 42 (1) ◽  
pp. 48-54
Author(s):  
Abbas Al-Bakry ◽  
Marwa Al-Rikaby
Keyword(s):  
Similarity Measure ◽  
Time Complexity ◽  
Edit Distance ◽  
Original Method ◽  
Distance Method ◽  
String Similarity

Levenshtein is a Minimum Edit Distance method; it is usually used in spell checking applications for generatingcandidates. The method computes the number of the required edit operations to transform one string to another and it canrecognize three types of edit operations: deletion, insertion, and substitution of one letter. Damerau modified the Levenshteinmethod to consider another type of edit operations, the transposition of two adjacent letters, in addition to theconsidered three types. However, the modification suffers from the time complexity which was added to the original quadratictime complexity of the original method. In this paper, we proposed a modification for the original Levenshtein toconsider the same four types using very small number of matching operations which resulted in a shorter execution timeand a similarity measure is also achieved to exploit the resulted distance from any Edit Distance method for finding the amountof similarity between two given strings.

Anomaly Detection Using System Call Sequence Sets

2007 ◽  
Vol 2 (6) ◽  
Author(s):  
Surekha Mariam Varghese ◽  
K.Poulose Jacob
Keyword(s):  
Anomaly Detection ◽  
System Call ◽  
Call Sequence
Sign in / Sign up

Export Citation Format

Share Document