Book chapter

Host-Specific Outlier Detection Using Process Relation Semantics with Graph Mining

2022; Springer International Publishing; Language: English

10.1007/978-981-16-5685-9_44

ISSN

2367-4512

Authors

Binayak Panda, Satya Narayan Tripathy

Topic(s)

Anomaly Detection Techniques and Applications

Abstract

Many small-scale organizations use computer systems to run their business logic with a preferred list of application programs. They are open to threats in the form of an unknown or unrecognized program. Existing antivirus vendors use static as well as dynamic methods to protect a host from possible known threats, but they do not distinguish programs based on a host-specific program list. This motivates a system that considers the host-specific preference list of applications and protects against any possible threat such as an unknown or unrecognized program. In this paper, a “Host Specific Outlier Detection Model” is proposed, which learns all possible process relation semantics of a host using a graph-based learning approach to detect an outlier program. The proposed system uses a graph to represent the semantic relation among the processes running on a host in terms of predecessor and successor. Such a graph is named a process relation graph (PRG), and the paths of this graph are considered key features representing the process relation semantics for a given process snapshot of the host. An optimized number of PRGs are collected dynamically on a host to build a generalized process relation graph (GPRG). Such a GPRG enables detection of any outlier program with an accuracy of 96% for a suspected PRG at any time instance.
