Finite Automata Models for Anomaly Detection

Ramezani, Vahid; Yang, Shah-An; Baras, John S.

View/Open

TR_2002-42.pdf (121.5Kb)
No. of downloads: 463

Date

2002

Author

Ramezani, Vahid

Yang, Shah-An

Baras, John S.

Advisor

Baras, John S.

Metadata

Show full item record

Abstract

A fundamental problem in intrusion detection is the fusion of dependent information sequences. In this paper, we consider the fusion of twosuch sequences, namely the sequences of system calls and thevalues of the instruction pointer. We introduce FAAD, a finite automatonrepresentation defined for the product alphabet of the two sequences wheredependencies are implicitly taken into account by a matchingprocedure. Our learning algorithm captures these dependencies through the application of certain parameterized functions. Through thechoice of thresholds and inner product structures, we areable to produce a compact representation of thenormal behavior of program.

URI

http://hdl.handle.net/1903/6275

Collections

Institute for Systems Research Technical Reports