16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Two State-based Approaches to Program-based Anomaly Detection

C C Michael
RST Research

This paper describes two recently developed intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.
