Two state-based approaches to program-based anomaly detection

New Orleans, Louisiana December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898854

16th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by C.C. Michael Articles by A. Ghosh

	ASCII Text	x
	C.C. Michael, A. Ghosh, "Two state-based approaches to program-based anomaly detection," Computer Security Applications Conference, Annual, pp. 21, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000.

	BibTex	x
	@article{ 10.1109/ACSAC.2000.898854, author = {C.C. Michael and A. Ghosh}, title = {Two state-based approaches to program-based anomaly detection}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2000}, issn = {1063-9527}, pages = {21}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898854}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Two state-based approaches to program-based anomaly detection SN - 1063-9527 SP EP A1 - C.C. Michael, A1 - A. Ghosh, PY - 2000 KW - security of data; software performance evaluation; auditing; finite state machines; state-based approaches; program-based anomaly detection; intrusion detection algorithms; experimental results; algorithm performance; execution audit data; finite-state machine; statistical deviation monitoring; n-grams VL - 0 JA - Computer Security Applications Conference, Annual ER -

C.C. Michael, RST Res. Labs., USA

A. Ghosh, RST Res. Labs., USA

This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.

Index Terms:

security of data; software performance evaluation; auditing; finite state machines; state-based approaches; program-based anomaly detection; intrusion detection algorithms; experimental results; algorithm performance; execution audit data; finite-state machine; statistical deviation monitoring; n-grams

Citation:

C.C. Michael, A. Ghosh, "Two state-based approaches to program-based anomaly detection," acsac, pp.21, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.