Fixed vs. Variable-length patterns for detecting suspicious process behavior

Hervé Debar, Marc Dacier, Mehdi Nassehi, Andreas Wespi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

19 Scopus citations


This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. These models can be used for intrusion detection purposes. In a previous work, we presented a novel method to generate input data sets that enable us to observe the normal behavior of a process in a secure environment. Using this method, we propose various techniques to generate either fixed-length or variable-length patterns. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our testbed.
Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number of pages15
ISBN (Print)3540650040
StatePublished - Jan 1 1998
Externally publishedYes

Bibliographical note

Generated from Scopus record by KAUST IRTS on 2022-09-12


Dive into the research topics of 'Fixed vs. Variable-length patterns for detecting suspicious process behavior'. Together they form a unique fingerprint.

Cite this