Intrusion detection using variable-length audit trail patterns. Wespi, A., Dacier, M., & Debar, H. In Debar, H., Mé, L., & Wu, S., editors, Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), volume 1907 of Lecture Notes in Computer Science, pages 110--129, Toulouse, France, October 2000. Springer Berlin Heidelberg. 00223 bibtex: wespi2000intrusion
Paper doi abstract bibtex Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.
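@comment{RAID 2000 paper: host-based anomaly detection that models Unix process behavior with variable-length audit trail patterns (Teiresias), compared against the fixed-length approach of Forrest et al. The doi field holds the bare DOI, matching the identifier in the url field.}
@inproceedings{wespi_intrusion_2000,
  author    = {Wespi, Andreas and Dacier, Marc and Debar, Herv{\'e}},
  editor    = {Debar, Herv{\'e} and M{\'e}, Ludovic and Wu, S. Felix},
  title     = {Intrusion detection using variable-length audit trail patterns},
  booktitle = {Proceedings of the {Third} {International} {Workshop} on {Recent} {Advances} in {Intrusion} {Detection} ({RAID} 2000)},
  series    = {Lecture {Notes} in {Computer} {Science}},
  volume    = {1907},
  pages     = {110--129},
  publisher = {Springer Berlin Heidelberg},
  address   = {Toulouse, France},
  month     = oct,
  year      = {2000},
  isbn      = {978-3-540-41085-0},
  doi       = {10.1007/3-540-39945-3_8},
  url       = {http://dx.doi.org/10.1007/3-540-39945-3_8},
  abstract  = {Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.},
  keywords  = {C2 audit trail, Intrusion detection, Teiresias, functionality verification tests, pattern discovery, pattern matching, variable-length patterns},
  note      = {00223 bibtex: wespi2000intrusion},
}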
{"_id":{"_str":"5298aa259eb585cc260009b8"},"__v":0,"authorIDs":[],"author_short":["Wespi, A.","Dacier, M.","Debar, H."],"bibbaseid":"wespi-dacier-debar-intrusiondetectionusingvariablelengthaudittrailpatterns-2000","bibdata":{"abstract":"Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.","address":"Toulouse, France","author":["Wespi, Andreas","Dacier, Marc","Debar, Hervé"],"author_short":["Wespi, A.","Dacier, M.","Debar, H."],"bibtex":"@inproceedings{ wespi_intrusion_2000,\n address = {Toulouse, France},\n series = {Lecture {Notes} in {Computer} {Science}},\n title = {Intrusion detection using variable-length audit trail patterns},\n volume = {1907},\n isbn = {978-3-540-41085-0},\n url = {http://dx.doi.org/10.1007/3-540-39945-3_8},\n doi = {10.1007/3-540-39945-3<sub>8</sub>},\n abstract = {Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. 
However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.},\n booktitle = {Proceedings of the {Third} {International} {Workshop} on {Recent} {Advances} in {Intrusion} {Detection} ({RAID} 2000)},\n publisher = {Springer Berlin Heidelberg},\n author = {Wespi, Andreas and Dacier, Marc and Debar, Hervé},\n editor = {Debar, Hervé and Mé, Ludovic and Wu, S.Felix},\n month = {October},\n year = {2000},\n note = {00223 bibtex: wespi2000intrusion},\n keywords = {C2 audit trail, Intrusion detection, Teiresias, functionality verification tests, pattern discovery, pattern matching, variable-length patterns},\n pages = {110--129}\n}","bibtype":"inproceedings","booktitle":"Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000)","doi":"10.1007/3-540-39945-3<sub>8</sub>","editor":["Debar, Hervé","Mé, Ludovic","Wu, S.Felix"],"editor_short":["Debar, H.","Mé, L.","Wu, S."],"id":"wespi_intrusion_2000","isbn":"978-3-540-41085-0","key":"wespi_intrusion_2000","keywords":"C2 audit trail, Intrusion detection, Teiresias, functionality verification tests, pattern discovery, pattern matching, variable-length patterns","month":"October","note":"00223 bibtex: wespi2000intrusion","pages":"110--129","publisher":"Springer Berlin Heidelberg","series":"Lecture Notes in Computer Science","title":"Intrusion detection 
using variable-length audit trail patterns","type":"inproceedings","url":"http://dx.doi.org/10.1007/3-540-39945-3_8","volume":"1907","year":"2000","bibbaseid":"wespi-dacier-debar-intrusiondetectionusingvariablelengthaudittrailpatterns-2000","role":"author","urls":{"Paper":"http://dx.doi.org/10.1007/3-540-39945-3_8"},"keyword":["C2 audit trail","Intrusion detection","Teiresias","functionality verification tests","pattern discovery","pattern matching","variable-length patterns"],"downloads":0},"bibtype":"inproceedings","biburl":"http://bibbase.org/zotero/ealprr","downloads":0,"keywords":["c2 audit trail","intrusion detection","teiresias","functionality verification tests","pattern discovery","pattern matching","variable-length patterns"],"search_terms":["intrusion","detection","using","variable","length","audit","trail","patterns","wespi","dacier","debar"],"title":"Intrusion detection using variable-length audit trail patterns","year":2000,"dataSources":["fcy64Zdm28gydMmuE"]}