Communications of the ACM
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Intrusion Detection via System Call Traces
IEEE Software
Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Intrusion detection using sequences of system calls
Journal of Computer Security
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
System Call Monitoring Using Authenticated System Calls
IEEE Transactions on Dependable and Secure Computing
Automating mimicry attacks using static binary analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A malware detection algorithm based on multi-view fusion
ICONIP'10 Proceedings of the 17th international conference on Neural information processing: models and applications - Volume Part II
Malware detection using assembly and API call sequences
Journal in Computer Virology
A pattern discovery approach to retail fraud detection
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
A gray-box DPDA-based intrusion detection technique using system-call monitoring
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Run-time malware detection based on positive selection
Journal in Computer Virology
Behavior analysis-based dynamic trust measurement model
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Anomaly detection method based on HMMs using system call and call stack information
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Neural network techniques for host anomaly intrusion detection using fixed pattern transformation
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Detecting the deviations of privileged process execution
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Behavioral distance for intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Behavioral distance measurement using hidden markov models
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
A fast host-based intrusion detection system using rough set theory
Transactions on Rough Sets IV
Taint-enhanced anomaly detection
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Investigative behavior profiling with one class SVM for computer forensics
MIWAI'11 Proceedings of the 5th international conference on Multi-Disciplinary Trends in Artificial Intelligence
NORT: runtime anomaly-based monitoring of malicious behavior for windows
RV'11 Proceedings of the Second international conference on Runtime verification
Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. Variable-length patterns seem to be more naturally suited to modeling the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.