Finite Automata Models for Anomaly Detection

V.R. Ramezani, S.-A. Yang and J.S. Baras

37th Conference on Information Sciences and Systems (CISS), Johns Hopkins University, Baltimore, Maryland, March 12-14, 2003

Abstract

A fundamental problem in Intrusion detection is the fusion of dependent information sequences.In this paper ,we consider the fusion of two such sequences ,namely the sequence of system calls and the value of the instruction pointer.We introduce FAAD, a finite autmaton representation defined for the product alphabet of the two sequences where dependencies are implicitly taken into account by a matching procedure.