DOIAbstract
this paper presents a novel anomaly detection approach that takes into account the information contained in system call arguments. We introduce several models that learn the characteristics of legitimate argument values and are capable of finding malicious instances. Based on the proposed models, we developed a host-based intrusion detection system that monitors running applications to identify malicious behavior. The system includes a novel technique for performing Bayesian classification of the outputs of individual detection models. This technique provides an improvement over the nave threshold-based schemes traditionally used to combine model output
Add to ORKG