ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Reliable Detection of Episodes in Event Sequences
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Reliable detection of episodes in event sequences
Knowledge and Information Systems
Journal of the ACM (JACM)
Guest Editorial: From intrusion detection to self-protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers
Journal of Management Information Systems
New malicious code detection using variable length n-grams
ICISS'06 Proceedings of the Second international conference on Information Systems Security
This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. The models can be used for intrusion-detection purposes. First, we present a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length patterns from the input data sets. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.