Finite Automata Models for Anomaly Detection
Title : Finite Automata Models for Anomaly Detection
Authors :
Date: March 12 - March 14, 2003
Authors :
Yang, Shahan
Baras, John S.
V. Ramezani
Conference : 37th Conference on Information Sciences and Systems (CISS) pp. 1-5 Baras, John S.
V. Ramezani
Date: March 12 - March 14, 2003
A fundamental problem in Intrusion detection is the fusion of dependent information sequences.In this paper ,we consider the fusion of two such sequences ,namely the sequence of system calls and the value of the instruction pointer. We introduce FAAD, a finite automation representation defined for the product alphabet of the two sequences where dependencies are implicitly taken into account by a matching procedure. Our learning algorithm captures these dependencies through the application of certain parameterized functions. Through the choice of thresholds and inner product structures, we are able to produce a compact representation of the normal behavior of a program.
Download Full Paper