Detecting Motifs in System Call Sequences

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4867)

Abstract

The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm (MTA), a novel immune-inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the MTA is applied to the search for patterns within sequences of low-level system calls between the Linux kernel and the operating system’s user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher-level system call language for measuring similarity between patterns of such calls is also suggested.

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wilson, W.O., Feyereisl, J., Aickelin, U. (2007). Detecting Motifs in System Call Sequences. In: Kim, S., Yung, M., Lee, HW. (eds) Information Security Applications. WISA 2007. Lecture Notes in Computer Science, vol 4867. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77535-5_12

  • DOI: https://doi.org/10.1007/978-3-540-77535-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77534-8

  • Online ISBN: 978-3-540-77535-5

  • eBook Packages: Computer Science, Computer Science (R0)