On the use of word networks to mimicry attack detection Chapter in Scopus uri icon


  • Intrusion detection aims at raising an alarm any time the security of an IT system gets compromised. Though highly successful, Intrusion Detection Systems are all susceptible of mimicry attacks [1]. A mimicry attack is a variation of an attack that attempts to pass by as normal behaviour. In this paper, we introduce a method which is capable of successfuly detecting a significant and interesting sub-class of mimicry attacks. Our method makes use of a word network [2, 3]. A word network conveniently decomposes a pattern matching problem into a chain of smaller, noise-tolerant pattern matchers, thereby making it more tractable. A word network is realised as a finite state machine, where every state is a hidden Markov model. Our mechanism has shown a 93% of effectivity, with a false positive rate of 3%. © Springer-Verlag Berlin Heidelberg 2006.

Publication date

  • January 1, 2006