Title :
Two state-based approaches to program-based anomaly detection
Author :
Michael, C.C. ; Ghosh, Anup
Author_Institution :
RST Res. Labs., USA
Abstract :
This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.
Keywords :
auditing; finite state machines; security of data; software performance evaluation; algorithm performance; execution audit data; experimental results; finite-state machine; intrusion detection algorithms; n-grams; program-based anomaly detection; state-based approaches; statistical deviation monitoring; Automatic testing; Birth disorders; Hidden Markov models; Intrusion detection; Learning automata; Statistics; Training data;
Conference_Title :
Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference
Conference_Location :
New Orleans, LA
Print_ISBN :
0-7695-0859-6
DOI :
10.1109/ACSAC.2000.898854