Detecting Motifs in System Call Sequences
The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the...
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
2007
|
| Online Access: | https://eprints.nottingham.ac.uk/573/ |
| _version_ | 1848790434065678336 |
|---|---|
| author | Wilson, William Feyereisl, J Aickelin, Uwe |
| author_facet | Wilson, William Feyereisl, J Aickelin, Uwe |
| author_sort | Wilson, William |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the motif tracking algorithm is applied to the search for patterns within sequences of low level system calls between the Linux kernel and the operating system’s user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher level system call language for measuring similarity between patterns of such calls is also suggested. |
| first_indexed | 2025-11-14T18:12:33Z |
| format | Conference or Workshop Item |
| id | nottingham-573 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:12:33Z |
| publishDate | 2007 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-5732020-05-04T20:29:18Z https://eprints.nottingham.ac.uk/573/ Detecting Motifs in System Call Sequences Wilson, William Feyereisl, J Aickelin, Uwe The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the motif tracking algorithm is applied to the search for patterns within sequences of low level system calls between the Linux kernel and the operating system’s user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher level system call language for measuring similarity between patterns of such calls is also suggested. 2007 Conference or Workshop Item PeerReviewed Wilson, William, Feyereisl, J and Aickelin, Uwe (2007) Detecting Motifs in System Call Sequences. In: Proceedings of the 8th International Workshop on Information Security Applications (WISA 2007), Jeju, Korea. |
| spellingShingle | Wilson, William Feyereisl, J Aickelin, Uwe Detecting Motifs in System Call Sequences |
| title | Detecting Motifs in System Call Sequences |
| title_full | Detecting Motifs in System Call Sequences |
| title_fullStr | Detecting Motifs in System Call Sequences |
| title_full_unstemmed | Detecting Motifs in System Call Sequences |
| title_short | Detecting Motifs in System Call Sequences |
| title_sort | detecting motifs in system call sequences |
| url | https://eprints.nottingham.ac.uk/573/ |