We present a pattern matching approach to the problem of misuse detection in a computer system, which is formalized as the problem of multiple approximate pattern matching. This permits very fast searching for potential attacks. We study the matching probability of the model and its relation to the efficiency of filtering potential attacks within large audit trails. Experimental results show that, in a worst case, up to 85% of an audit trail may be filtered out when searching for a set of attacks, with no probability of false negatives. Moreover, by filtering 98% of the audit trail, up to 50% of the attacks may be detected.