A pattern matching based filter for audit reduction and fast detection of potential intrusions

Kuri, J; Navarro, G; Me, L; Heye, L

Abstract

We present a pattern matching approach to the problem of misuse detection in a computer system, which is formalized as the problem of multiple approximate pattern matching. This permits very fast searching of potential attacks. We study the probability of matching of the model and its relation to the filtering efficiency of potential attacks within large audit trails. Experimental results show that in a worst case, up to 85 % of an audit trail may be filtered out when searching a set of attacks without probability of false negatives. Moreover, by filtering 98 % of the audit trail, up to 50 % of the attacks may be detected.

More information

Title according to WOS: A pattern matching based filter for audit reduction and fast detection of potential intrusions
Journal title: STRING PROCESSING AND INFORMATION RETRIEVAL, SPIRE 2020
Volume: 1907
Publisher: SPRINGER INTERNATIONAL PUBLISHING AG
Publication date: 2000
Start page: 17
End page: 27
Language: English
Notes: ISI