Abstract
Intrusion detection aims at raising an alarm any time the security of an IT system gets compromised. Though highly successful, Intrusion Detection Systems are all susceptible of mimicry attacks [1]. A mimicry attack is a variation of an attack that attempts to pass by as normal behaviour. In this paper, we introduce a method which is capable of successfuly detecting a significant and interesting sub-class of mimicry attacks. Our method makes use of a word network [2, 3]. A word network conveniently decomposes a pattern matching problem into a chain of smaller, noise-tolerant pattern matchers, thereby making it more tractable. A word network is realised as a finite state machine, where every state is a hidden Markov model. Our mechanism has shown a 93% of effectivity, with a false positive rate of 3%. © Springer-Verlag Berlin Heidelberg 2006.
Cite
CITATION STYLE
Godínez, F., Hutter, D., & Monroy, R. (2006). On the use of word networks to mimicry attack detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3995 LNCS, pp. 423–435). Springer Verlag. https://doi.org/10.1007/11766155_30
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
