Intrusion Detection Using Variable-Length Audit Trail Patterns

Intrusion Detection Using Variable-Length Audit Trail Patterns

Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process be...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Wespi, Andreas, Dacier, Marc, Debar, Hervé
Format: Buchkapitel
Sprache:eng
Schlagworte:
Applied sciences
C2 audit trail
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Exact sciences and technology
functionality verification tests
Intrusion detection
pattern discovery
pattern matching
Software
Teiresias
variable-length patterns
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.
ISSN:0302-9743
1611-3349
DOI:10.1007/3-540-39945-3_8