http://dx.doi.org/10.3745/KIPSTC.2003.10C.2.119

Generation of Finite Automata for Intrusion Detection  

Lim, Young-Hwan (Radix Research Institute)
Wee, Kyu-Bum (Ajou University, Division of Information and Computer Engineering)
Abstract
Although there have been many studies on using finite automata for intrusion detection, automatically generating compact finite automata has remained a difficult problem. Previous research proposed an approach to profiling normal behavior using finite automata. That approach divided the system call sequence of each process into three parts (prefix, main portion, and suffix) and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequences of system calls produced by normal runs of programs. We also show the effectiveness of the proposed method through experiments.
Keywords
Intrusion Detection; Anomaly Detection; Process Behavior Profiling; Finite Automata