This paper addresses the problem of creating patterns that can be used to model the normal behavior of a given process. the models can be used for intrusion-detection purposes. First, we present a novel method to generate input and sets enable us to observe the normal behavior of a process in a secure environment. Second, we propose various techniques to derive either fixed-length or variable-length pat- terns from the input data sets. We show the advantages and drawbacks of each technique, based on the results of the experiments we have run on our tested.
展开▼