Fixed- vs. variable-length patterns for detecting suspicious process behavior. Wespi, A., Debar, H., Dacier, M., & Nassehi, M. Journal of Computer Security, 8(2, 3):159–181, August 2000. bibtex: wespi2000fixed bibtex[issue_date=August 2000;numpages=23;acmid=1297830]
Abstract: This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. The models can be used for intrusion-detection purposes. First, we present a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length patterns from the input data sets. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.
@article{ wespi_fixed-vs._2000,
title = {Fixed-vs. variable-length patterns for detecting suspicious process behavior},
volume = {8},
issn = {0926-227X},
url = {http://dl.acm.org/citation.cfm?id=1297828.1297830},
abstract = {This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. The models can be used for intrusion-detection purposes. First, we present a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length patterns from the input data sets. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.},
number = {2, 3},
journal = {Journal of Computer Security},
author = {Wespi, Andreas and Debar, Hervé and Dacier, Marc and Nassehi, Mehdi},
month = {August},
year = {2000},
note = {bibtex: wespi2000fixed
bibtex[issue_date=August 2000;numpages=23;acmid=1297830]},
keywords = {Intrusion detection, anomaly detection},
pages = {159--181}
}
{"_id":{"_str":"5298aa259eb585cc26000994"},"__v":0,"authorIDs":[],"author_short":["Wespi, A.","Debar, H.","Dacier, M.","Nassehi, M."],"bibbaseid":"wespi-debar-dacier-nassehi-fixedvsvariablelengthpatternsfordetectingsuspiciousprocessbehavior-2000","bibdata":{"abstract":"This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. The models can be used for intrusion-detection purposes. First, we present a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length patterns from the input data sets. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.","author":["Wespi, Andreas","Debar, Hervé","Dacier, Marc","Nassehi, Mehdi"],"author_short":["Wespi, A.","Debar, H.","Dacier, M.","Nassehi, M."],"bibtex":"@article{ wespi_fixed-vs._2000,\n title = {Fixed-vs. variable-length patterns for detecting suspicious process behavior},\n volume = {8},\n issn = {0926-227X},\n url = {http://dl.acm.org/citation.cfm?id=1297828.1297830},\n abstract = {This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. The models can be used for intrusion-detection purposes. First, we present a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length patterns from the input data sets. 
We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.},\n number = {2, 3},\n journal = {Journal of Computer Security},\n author = {Wespi, Andreas and Debar, Hervé and Dacier, Marc and Nassehi, Mehdi},\n month = {August},\n year = {2000},\n note = {bibtex: wespi2000fixed \nbibtex[issue_date=August 2000;numpages=23;acmid=1297830]},\n keywords = {Intrusion detection, anomaly detection},\n pages = {159--181}\n}","bibtype":"article","id":"wespi_fixed-vs._2000","issn":"0926-227X","journal":"Journal of Computer Security","key":"wespi_fixed-vs._2000","keywords":"Intrusion detection, anomaly detection","month":"August","note":"bibtex: wespi2000fixed bibtex[issue_date=August 2000;numpages=23;acmid=1297830]","number":"2, 3","pages":"159--181","title":"Fixed-vs. variable-length patterns for detecting suspicious process behavior","type":"article","url":"http://dl.acm.org/citation.cfm?id=1297828.1297830","volume":"8","year":"2000","bibbaseid":"wespi-debar-dacier-nassehi-fixedvsvariablelengthpatternsfordetectingsuspiciousprocessbehavior-2000","role":"author","urls":{"Paper":"http://dl.acm.org/citation.cfm?id=1297828.1297830"},"keyword":["Intrusion detection","anomaly detection"],"downloads":0},"bibtype":"article","biburl":"http://bibbase.org/zotero/ealprr","downloads":0,"keywords":["intrusion detection","anomaly detection"],"search_terms":["fixed","variable","length","patterns","detecting","suspicious","process","behavior","wespi","debar","dacier","nassehi"],"title":"Fixed-vs. variable-length patterns for detecting suspicious process behavior","year":2000,"dataSources":["fcy64Zdm28gydMmuE"]}