A pattern matching based filter for audit reduction and fast detection of potential intrusions

Abstract

We present a pattern matching approach to the problem of misuse detection in a computer system, which is formalized as the problem of multiple approximate pattern matching. This permits very fast searching of potential attacks. We study the probability of matching of the model and its relation to the filtering efficiency of potential attacks within large audit trails. Experimental results show that in a worst case, up to 85% of an audit trail may be filtered out when searching a set of attacks without probability of false negatives. Moreover, by filtering 98% of the audit trail, up to 50% of the attacks may be detected.

Cite

Kuri, J., Navarro, G., Mé, L., & Heye, L. (2000). A pattern matching based filter for audit reduction and fast detection of potential intrusions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1907, pp. 17–27). Springer Verlag. https://doi.org/10.1007/3-540-39945-3_2
