MDLcompress for Intrusion Detection: Signature Inference and Masquerade Attack

Bibliographic Details
Published in: MILCOM 2007 - IEEE Military Communications Conference, pp. 1-7
Main Authors: Evans, Scott; Eiland, Earl; Markham, Stephen; Impson, Jeremy; Laczo, Adam
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2007
Summary: MDLcompress is a grammar inference algorithm that uses Minimum Description Length principles from the theory of Kolmogorov Complexity and Algorithmic Information Theory to infer a grammar, finding patterns and motifs that aid most in compressing unknown data sets. This technology has been applied to detection of FTP exploits and inference of DNA sequence motifs related to breast cancer. In this paper we apply MDLcompress to infer grammars, and then apply those grammars to identify masquerades in the publicly available Schonlau system call data sets. Compared to similar protocols our system detects anomalous events with comparable performance with the advantage of executing in linear time.
ISBN: 9781424415120, 1424415128
ISSN: 2155-7578, 2155-7586
DOI: 10.1109/MILCOM.2007.4455304