Article

Characterizing the behavior of a program using multiple-length N-grams

Author:

Carla MarceauAuthors Info & Claims

NSPW '00: Proceedings of the 2000 workshop on New security paradigms

Pages 101 - 110

https://doi.org/10.1145/366173.366197

Published: 20 February 2001 Publication History

Get Access

References

[1]

Arbib, M.A., Theories of Abstract Automata. 1969, Englewood Cliffs, NJ: Prentice-Hall.

Digital Library

Google Scholar

[2]

Computer Science Department University of New Mexico, Synthetic UNM lpr data. 1995: http://www.cs.unm.edu/~immsec/data/synth-lpr.html.

Google Scholar

[3]

Computer Science Department University of New Mexico, UNM live inetd data. 1996: http://www.cs.unm.edu/-immsec/data/live-inetd.html.

Google Scholar

[4]

Debar, H., Dacier, M., Nassehi, M., and Wespi, A., "Fixed vs. variable-length patterns for detecting suspicious process behavior," in ESORICS 98, 5th European Symposium on Research in Computer Security, 1998, Louvain-la-Neuve, Belgium: Springer Vedag.

Digital Library

Google Scholar

[5]

Forrest, S., Hofmeyr, S., and Somayaji, A., "Computer immunology," Communications of the ACM, 1997, 40(10), p. 88-96.

Digital Library

Google Scholar

[6]

Forrest, S., Hofmeyr, S.A., and Somajayi, A., "A Sense of Self for UNIX Processes," in 1996 IEEE Symposium on Computer Security and Privacy, 1996: IEEE Press.

Digital Library

Google Scholar

[7]

Gusfield, D., Algorithms on Strings, Trees, and Sequences. 1997: Cambridge University Press.

Digital Library

Google Scholar

[8]

Hofmeyr, S., Forrest, S., and Somayaji, A., "Intrusion detection using sequences of system calls," Journal of Computer Security, 1998, 6, p. 151-180.

Digital Library

Google Scholar

[9]

Nerode, A., "Linear automaton transformations," Proceedings of the American Mathematics Society, 1958, 9, p. 541-544.

Crossref

Google Scholar

[10]

Stillerman, M., Marceau, C., and Stillman, M., "Intrusion Detection for Distributed Applications," Communications of the ACM, 1999, 42(7), pp. 62-69.

Digital Library

Google Scholar

Cited By

View all

Niu HOmitaomu OLangston MOlama MOzmen OKlasky HLaurio AWard MNebeker J(2024)EHR-BERT: A BERT-based model for effective anomaly detection in electronic health recordsJournal of Biomedical Informatics10.1016/j.jbi.2024.104605150(104605)Online publication date: Feb-2024
https://doi.org/10.1016/j.jbi.2024.104605
Perusquía JGriffin JVilla C(2024)Beta-CoRM: A Bayesian Approach for n-gram Profiles AnalysisComputational Statistics & Data Analysis10.1016/j.csda.2024.108056(108056)Online publication date: Sep-2024
https://doi.org/10.1016/j.csda.2024.108056
Akbar KWang YAyoade GGao YSinghal AKhan LThuraisingham BJee K(2023)Advanced Persistent Threat Detection Using Data Provenance and Metric LearningIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.322178920:5(3957-3969)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3221789
Show More Cited By

Index Terms

Characterizing the behavior of a program using multiple-length N-grams
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...
XFA: Faster Signature Matching with Extended Automata
SP '08: Proceedings of the 2008 IEEE Symposium on Security and Privacy

Automata-based representations and related algorithms have been applied to address several problems in information security, and often the automata had to be augmented with additional information. For example, extended finite-state automata (EFSA) ...
NFAs with Tagged Transitions, their Conversion to Deterministic Automata and Application to Regular Expressions
SPIRE '00: Proceedings of the Seventh International Symposium on String Processing Information Retrieval (SPIRE'00)

A conservative extension to traditional nondeterministic finite automata (NFAs) is proposed to keep track of the positions in the input string for the last uses of selected transitions, by adding "tags" to transitions. The resulting automata are ...

Comments

Information & Contributors

Information

Published In

NSPW '00: Proceedings of the 2000 workshop on New security paradigms

February 2001

168 pages

ISBN:1581132603

DOI:10.1145/366173

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 February 2001

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

NSPW00

Sponsor:

SIGSAC

NSPW00: New Security Paradigms 2000

September 18 - 21, 2000

Ballycotton, County Cork, Ireland

Acceptance Rates

NSPW '00 Paper Acceptance Rate 15 of 35 submissions, 43%;

Overall Acceptance Rate 98 of 265 submissions, 37%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

72
Total Citations
View Citations
664
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)3

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Niu HOmitaomu OLangston MOlama MOzmen OKlasky HLaurio AWard MNebeker J(2024)EHR-BERT: A BERT-based model for effective anomaly detection in electronic health recordsJournal of Biomedical Informatics10.1016/j.jbi.2024.104605150(104605)Online publication date: Feb-2024
https://doi.org/10.1016/j.jbi.2024.104605
Perusquía JGriffin JVilla C(2024)Beta-CoRM: A Bayesian Approach for n-gram Profiles AnalysisComputational Statistics & Data Analysis10.1016/j.csda.2024.108056(108056)Online publication date: Sep-2024
https://doi.org/10.1016/j.csda.2024.108056
Akbar KWang YAyoade GGao YSinghal AKhan LThuraisingham BJee K(2023)Advanced Persistent Threat Detection Using Data Provenance and Metric LearningIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.322178920:5(3957-3969)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3221789
Schmidl SWenig PPapenbrock T(2022)Anomaly detection in time seriesProceedings of the VLDB Endowment10.14778/3538598.353860215:9(1779-1797)Online publication date: 1-May-2022
https://dl.acm.org/doi/10.14778/3538598.3538602
Niu HOmitaomu OLangston MOlama MOzmen OKlasky HLaurio ASauer BWard MNebeker J(2022)Detecting anomalous sequences in electronic health records using higher-order tensor networksJournal of Biomedical Informatics10.1016/j.jbi.2022.104219135(104219)Online publication date: Nov-2022
https://doi.org/10.1016/j.jbi.2022.104219
Grimmer MKaelble TRahm E(2022)Improving Host-Based Intrusion Detection Using Thread InformationEmerging Information Security and Applications10.1007/978-3-030-93956-4_10(159-177)Online publication date: 12-Jan-2022
https://doi.org/10.1007/978-3-030-93956-4_10
Ongun TStokes JOr JTian KTajaddodianfar FNeil JSeifert COprea APlatt JBilge LDumitras T(2021)Living-Off-The-Land Command Detection Using Active LearningProceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3471621.3471858(442-455)Online publication date: 6-Oct-2021
https://dl.acm.org/doi/10.1145/3471621.3471858
Araujo FAyoade GAl-Naami KGao YHamlen KKhan L(2021)Crook-sourced intrusion detection as a serviceJournal of Information Security and Applications10.1016/j.jisa.2021.10288061:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.jisa.2021.102880
Wang XWang XWilkes MWang XWang XWilkes M(2020)Developments in Unsupervised Outlier Detection ResearchNew Developments in Unsupervised Outlier Detection10.1007/978-981-15-9519-6_2(13-36)Online publication date: 25-Nov-2020
https://doi.org/10.1007/978-981-15-9519-6_2
KALIPCIOĞLU KTOĞAY CYOLAÇAN E(2019)SON KULLANICILAR İÇİN ANOMALİ SALDIRI TESPİT SİSTEMLERİEskişehir Osmangazi Üniversitesi Mühendislik ve Mimarlık Fakültesi Dergisi10.31796/ogummf.56074727:3(199-212)Online publication date: 15-Dec-2019
https://doi.org/10.31796/ogummf.560747
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Detecting, validating and characterizing computer infections in the wild

XFA: Faster Signature Matching with Extended Automata

NFAs with Tagged Transitions, their Conversion to Deterministic Automata and Application to Regular Expressions

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

References

Cited By

Index Terms

Recommendations

Detecting, validating and characterizing computer infections in the wild

XFA: Faster Signature Matching with Extended Automata

NFAs with Tagged Transitions, their Conversion to Deterministic Automata and Application to Regular Expressions

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations