On the use of word networks to mimicry attack detection
Chapter in Scopus
- Additional Document Info
- View All
Intrusion detection aims at raising an alarm any time the security of an IT system gets compromised. Though highly successful, Intrusion Detection Systems are all susceptible of mimicry attacks . A mimicry attack is a variation of an attack that attempts to pass by as normal behaviour. In this paper, we introduce a method which is capable of successfuly detecting a significant and interesting sub-class of mimicry attacks. Our method makes use of a word network [2, 3]. A word network conveniently decomposes a pattern matching problem into a chain of smaller, noise-tolerant pattern matchers, thereby making it more tractable. A word network is realised as a finite state machine, where every state is a hidden Markov model. Our mechanism has shown a 93% of effectivity, with a false positive rate of 3%. © Springer-Verlag Berlin Heidelberg 2006.