A Pattern Matching Based Filter for Audit Reduction and
Fast Detection of Potential Intrusions
Josué Kuri, Gonzalo Navarro, Ludovic Mé and Laurent Heye
We present a pattern matching approach to the problem of misuse
detection in a computer system, which is formalized as the problem
of multiple approximate pattern matching. This permits very fast
searching for potential attacks. We study the matching probability
of the model and its relation to the efficiency with which potential
attacks are filtered out of large audit trails. Experimental results
show that, in the worst case, up to 85% of an audit trail may be
filtered out when searching for a set of attacks with no risk of
false negatives. Moreover, by filtering 98% of the audit trail, up
to 50% of the attacks may be detected.
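To make the filtering idea concrete, here is an added example (not code from the paper or its authors) that treats an audit trail as a string of event-type symbols and each attack signature as a short pattern. It assumes a simple approximate matching model in which a signature matches wherever its events appear in order with at most `k` unrelated events interleaved (an insertion-only edit distance); the trail, the signatures and the threshold `k` are all constructed for illustration. Records that fall inside no candidate match window are discarded, which is the audit-reduction step; everything inside a window is kept for the slower, exact analysis stage.

```python
from typing import Dict, List, Tuple

# Constructed sample audit trail: one letter per audit record (event type).
AUDIT_TRAIL = "LSXRQLOCHRXLOCHRQS"

# Constructed attack signatures: ordered sequences of event types.
ATTACK_PATTERNS: Dict[str, str] = {
    "attack_A": "OCH",
    "attack_B": "LXR",
}


def find_candidates(pattern: str, trail: str, k: int) -> List[Tuple[int, int]]:
    """Return (start, end) windows where `pattern` occurs in `trail` with at
    most `k` inserted (unrelated) events between its symbols.

    From a fixed start, the greedy earliest embedding of the pattern as a
    subsequence gives the shortest window, hence the minimal insertion count,
    so it never misses a match with <= k insertions (no false negatives)."""
    hits = []
    m = len(trail)
    for start in range(m):
        if trail[start] != pattern[0]:
            continue
        pos, inserted, i = start, 0, 0
        while i < len(pattern) and pos < m:
            if trail[pos] == pattern[i]:
                i += 1                      # consumed next signature event
            else:
                inserted += 1               # unrelated event inside the window
                if inserted > k:
                    break                   # window can no longer qualify
            pos += 1
        if i == len(pattern):
            hits.append((start, pos - 1))
    return hits


def filter_trail(trail: str, patterns: Dict[str, str], k: int):
    """Keep only records that lie inside some candidate window.
    Returns (kept_record_indices, {signature: windows})."""
    keep = [False] * len(trail)
    report: Dict[str, List[Tuple[int, int]]] = {}
    for name, pat in patterns.items():
        windows = find_candidates(pat, trail, k)
        report[name] = windows
        for s, e in windows:
            for j in range(s, e + 1):
                keep[j] = True
    kept = [j for j, flag in enumerate(keep) if flag]
    return kept, report


def filtering_ratio(trail: str, kept: List[int]) -> float:
    """Fraction of the audit trail discarded by the filter."""
    return 1.0 - len(kept) / len(trail)


if __name__ == "__main__":
    kept, report = filter_trail(AUDIT_TRAIL, ATTACK_PATTERNS, k=1)
    for name, windows in report.items():
        print(f"{name}: candidate windows {windows}")
    print(f"kept {len(kept)} of {len(AUDIT_TRAIL)} records, "
          f"filtered out {filtering_ratio(AUDIT_TRAIL, kept):.1%}")
```

The threshold `k` is the knob the paper's trade-off turns on: raising it admits more interleaving, so the filter keeps more of the trail (lower reduction) but cannot miss a genuine attack spread over more events; lowering it discards more records at the cost of possibly missing attacks whose events are separated by more than `k` unrelated ones (here, `attack_B` with `k=0` would be missed).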