Fixed vs. Variable-length patterns for detecting suspicious process behavior

Hervé Debar; Marc Dacier; Mehdi Nassehi; Andreas Wespi

doi:10.1007/BFb0055852

Fixed vs. Variable-length patterns for detecting suspicious process behavior

Hervé Debar
, Marc Dacier
, Mehdi Nassehi
, Andreas Wespi

S.

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

langue originale	Anglais
titre	Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings
rédacteurs en chef	Yves Deswarte, Jean-Jacques Quisquater, Dieter Gollmann, Catherine Meadows
Editeur	Springer Verlag
Pages	1-15
Nombre de pages	15
ISBN (imprimé)	3540650040, 9783540650041
Les DOIs	https://doi.org/10.1007/BFb0055852
état	Publié - 1 janv. 1998
Modification externe	Oui
Evénement	5th European Symposium on Research in Computer Security, ESORICS 1998 - Louvain-la-Neuve, Belgique Durée: 16 sept. 1998 → 18 sept. 1998

Série de publications

Nom	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	1485
ISSN (imprimé)	0302-9743
ISSN (Electronique)	1611-3349

Une conférence

Une conférence	5th European Symposium on Research in Computer Security, ESORICS 1998
Pays/Territoire	Belgique
La ville	Louvain-la-Neuve
période	16/09/98 → 18/09/98

Accès au document

10.1007/BFb0055852

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Debar, H., Dacier, M., Nassehi, M., & Wespi, A. (1998). Fixed vs. Variable-length patterns for detecting suspicious process behavior. Dans Y. Deswarte, J.-J. Quisquater, D. Gollmann, & C. Meadows (eds.), Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings (p. 1-15). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 1485). Springer Verlag. https://doi.org/10.1007/BFb0055852

Debar, Hervé ; Dacier, Marc ; Nassehi, Mehdi et al. / Fixed vs. Variable-length patterns for detecting suspicious process behavior. Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings. Editeur / Yves Deswarte ; Jean-Jacques Quisquater ; Dieter Gollmann ; Catherine Meadows. Springer Verlag, 1998. p. 1-15 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d242d167e2ff4f18a801943403a3b278,

title = "Fixed vs. Variable-length patterns for detecting suspicious process behavior",

abstract = "This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.",

author = "Herv{\'e} Debar and Marc Dacier and Mehdi Nassehi and Andreas Wespi",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 1998.; 5th European Symposium on Research in Computer Security, ESORICS 1998 ; Conference date: 16-09-1998 Through 18-09-1998",

year = "1998",

month = jan,

day = "1",

doi = "10.1007/BFb0055852",

language = "English",

isbn = "3540650040",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "1--15",

editor = "Yves Deswarte and Jean-Jacques Quisquater and Dieter Gollmann and Catherine Meadows",

booktitle = "Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings",

}

Debar, H, Dacier, M, Nassehi, M & Wespi, A 1998, Fixed vs. Variable-length patterns for detecting suspicious process behavior. Dans Y Deswarte, J-J Quisquater, D Gollmann & C Meadows (eds), Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), VOL. 1485, Springer Verlag, p. 1-15, 5th European Symposium on Research in Computer Security, ESORICS 1998, Louvain-la-Neuve, Belgique, 16/09/98. https://doi.org/10.1007/BFb0055852

Fixed vs. Variable-length patterns for detecting suspicious process behavior. / Debar, Hervé; Dacier, Marc; Nassehi, Mehdi et al.
Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings. Ed. / Yves Deswarte; Jean-Jacques Quisquater; Dieter Gollmann; Catherine Meadows. Springer Verlag, 1998. p. 1-15 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 1485).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Fixed vs. Variable-length patterns for detecting suspicious process behavior

AU - Debar, Hervé

AU - Dacier, Marc

AU - Nassehi, Mehdi

AU - Wespi, Andreas

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 1998.

PY - 1998/1/1

Y1 - 1998/1/1

N2 - This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

AB - This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.

UR - https://www.scopus.com/pages/publications/84958752009

U2 - 10.1007/BFb0055852

DO - 10.1007/BFb0055852

M3 - Conference contribution

AN - SCOPUS:84958752009

SN - 3540650040

SN - 9783540650041

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 15

BT - Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings

A2 - Deswarte, Yves

A2 - Quisquater, Jean-Jacques

A2 - Gollmann, Dieter

A2 - Meadows, Catherine

PB - Springer Verlag

T2 - 5th European Symposium on Research in Computer Security, ESORICS 1998

Y2 - 16 September 1998 through 18 September 1998

ER -

Debar H, Dacier M, Nassehi M, Wespi A. Fixed vs. Variable-length patterns for detecting suspicious process behavior. Dans Deswarte Y, Quisquater JJ, Gollmann D, Meadows C, rédacteurs en chef, Computer Security — ESORICS 1998 - 5th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 1998. p. 1-15. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/BFb0055852

Fixed vs. Variable-length patterns for detecting suspicious process behavior

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation