Generation of Finite Automata for Intrusion Detection

KIPS Transactions on Computer and Communication Systems, Vol. 10, No. 2, pp. 119-124, Apr. 2003
10.3745/KIPSTC.2003.10.2.119,   PDF Download:


Although there have been many studies on using finite automata for intrusion detection, it has been a difficult problem to generate compact finite automata automatically. In a previous research an approach to profile normal behaviors using finite automata was proposed. They divided the system call sequence of each process into three parts : prefix, main portion, and suffix, and then substituted macros for frequently occurring substrings. However, the procedure was not automatic. In this paper we present algorithms to automatically generate intrusion detection automata from the sequence of system calls resulting from the normal runs of the programs. We also show the effectiveness of the proposed method through experiments.

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article
[IEEE Style]
Y. H. Lim and K. B. Wee, "Generation of Finite Automata for Intrusion Detection," KIPS Journal C (2001 ~ 2012) , vol. 10, no. 2, pp. 119-124, 2003. DOI: 10.3745/KIPSTC.2003.10.2.119.

[ACM Style]
Young Hwan Lim and Kyu Bum Wee. 2003. Generation of Finite Automata for Intrusion Detection. KIPS Journal C (2001 ~ 2012) , 10, 2, (2003), 119-124. DOI: 10.3745/KIPSTC.2003.10.2.119.