A. P. Kosoresow and S. A. Hofmeyr. A shape of self for unix processes. IEEE Software, 14(5):35--42, 1997.


This paper is cited in the following contexts:
Detecting Intrusions Using System Calls: Alternative.. - Warrender, Forrest.. (1998)   (58 citations)

....might well be stationary (no ordered correlations among separate traces) [7], the sequences within the trace are not. Programs often have different distributions of sequences at the beginning of their execution than they do at the end, and there might be many such distinct regions within the trace [10]. Also, sequences of system calls are clearly not independent, especially when the sequences overlap as ours do. A second problem is that of characterizing the frequencies of abnormal sequences accurately. SRI takes a different approach in its Emerald system [8]. Emerald compares short term ....

....testing. 2.4 Finite State Machines A machine learning approach to this problem would construct a finite state machine to recognize the language of the program traces. There are many techniques for building either deterministic or probabilistic automata for this sort of task, for example, [1, 16, 10]. These methods generally determine the frequencies with which individual symbols (system calls in our case) occur, conditioned on some number of previous symbols. Individual states in the automaton represent the recent history of output symbols, while transitions out of the states indicate both ....

A. P. Kosoresow and S. A. Hofmeyr. A shape of self for unix processes. IEEE Software, 14(5):35--42, 1997.


Detecting Intrusions Using System Calls: Alternative.. - Warrender, Forrest.. (1999)   (58 citations)

....might well be stationary (no ordered correlations among separate traces) [7], the sequences within the trace are not. Programs often have different distributions of sequences at the beginning of their execution than they do at the end, and there might be many such distinct regions within the trace [10]. Also, sequences of system calls are clearly not independent, especially when the sequences overlap as ours do. A second problem is that of characterizing the frequencies of abnormal sequences accurately. SRI takes a different approach in its Emerald system [8]. Rather than using static ....

....testing. 2.4. Finite State Machines A machine learning approach to this problem would construct a finite state machine to recognize the language of the program traces. There are many techniques for building either deterministic or probabilistic automata for this sort of task, for example, [1, 16, 10]. These methods generally determine the frequencies with which individual symbols (system calls in our case) occur, conditioned on some number of previous symbols. Individual states in the automaton represent the recent history of observed symbols, while transitions out of the states indicate both ....

A. P. Kosoresow and S. A. Hofmeyr. A shape of self for UNIX processes. IEEE Software, 14(5):35--42, 1997.
