Conference ProceedingsOPEN ACCESS

Fixed vs. Variable-length patterns for detecting suspicious process behavior

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998) 1485 1-15
DOI: 10.1007/BFb0055852
19Citations
Citations of this article
38Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

Cite

CITATION STYLE

APA

Debar, H., Dacier, M., Nassehi, M., & Wespi, A. (1998). Fixed vs. Variable-length patterns for detecting suspicious process behavior. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1485, pp. 1–15). Springer Verlag. https://doi.org/10.1007/BFb0055852

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free