DocumentCode :
3285883
Title :
The Strength of Syntax Based Approaches to Dynamic Network Intrusion Detection
Author :
Scheirer, W. ; Chuah, M.
Author_Institution :
Dept. of Comput. Sci. & Eng., Lehigh Univ., Bethlehem, PA
fYear :
2006
fDate :
22-24 March 2006
Firstpage :
1473
Lastpage :
1478
Abstract :
In this paper, we investigate three syntax based, sliding window schemes for automatic intrusion detection. The first method, the fixed partition sliding window scheme (FPSW), uses a fixed window size and a one-byte sliding window. The second method, referred to as variable-length partition sliding window (VPSW), uses a variable length window with a predetermined breakmark. The third method, referred to as variable-length partition with multiple breakmarks (VPMB), is similar to VPSW except that multiple breakmarks are used. The results indicate that while the FPSW and VPSW methods are effective for detecting worms with mild changes in the worm code contents, VPMB is suitable for detecting fully polymorphic worms.
Keywords :
invasive software; security of data; telecommunication security; FPSW; VPMB; VPSW; dynamic network intrusion detection; fixed partition sliding window scheme; multiple breakmark; polymorphic worm detection; syntax strength; variable-length partition; Binary codes; Computer science; Computer worms; Decoding; Encoding; Face detection; Humans; Intrusion detection; Pattern matching; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Sciences and Systems, 2006 40th Annual Conference on
Conference_Location :
Princeton, NJ
Print_ISBN :
1-4244-0349-9
Electronic_ISBN :
1-4244-0350-2
Type :
conf
DOI :
10.1109/CISS.2006.286697
Filename :
4068038