  • DocumentCode
    3044280
  • Title
    MDLcompress for Intrusion Detection: Signature Inference and Masquerade Attack
  • Author
    Evans, Scott ; Eiland, Earl ; Markham, Stephen ; Impson, Jeremy ; Laczo, Adam
  • Author_Institution
    GE Research, Niskayuna, New York
  • fYear
    2007
  • fDate
    29-31 Oct. 2007
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    MDLcompress is a grammar inference algorithm that uses Minimum Description Length principles from the theory of Kolmogorov Complexity and Algorithmic Information Theory to infer a grammar, finding patterns and motifs that aid most in compressing unknown data sets. This technology has been applied to detection of FTP exploits and inference of DNA sequence motifs related to breast cancer. In this paper, we apply MDLcompress to infer grammars, and then apply those grammars to identify masquerades in the publicly available Schonlau system call data sets. Compared to similar protocols, our system detects anomalous events with comparable performance, with the advantage of executing in linear time.
  • Keywords
    Breast cancer; Cancer detection; DNA; Event detection; Genetic communication; Inference algorithms; Information theory; Intrusion detection; Protocols; Sequences
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Military Communications Conference, 2007. MILCOM 2007. IEEE
  • Conference_Location
    Orlando, FL, USA
  • Print_ISBN
    978-1-4244-1513-7
  • Electronic_ISBN
    978-1-4244-1513-7
  • Type
    conf
  • DOI
    10.1109/MILCOM.2007.4455304
  • Filename
    4455304