×

Intrusion Detection Using MDL Compression

  • US 20100107255A1
  • Filed: 03/05/2009
  • Published: 04/29/2010
  • Est. Priority Date: 10/29/2008
  • Status: Active Grant
First Claim
Patent Images

1. An intrusion masquerade detection method comprising:

  • a computer applying a compression algorithm to user data to build user grammars associated with a user;

    forming at least one model by storing said user grammars using a database;

    applying said compression algorithm to at least one target block to calculate an estimated algorithmic minimum sufficient statistic;

    searching a string of data from said target block for phrases matching user grammars contained in said at least one model;

    sorting the user grammars so that longest phrases among said user grammars are applied first to an unclassified string;

    converting each matching phrase to a variable-length code value by replacing each said matching phrase with a corresponding variable-length code value;

    attributing a cost for phrases that are not found in the at least one model by quantifying the cost of explicitly representing symbols associated with those phrases;

    determining a degree of fit between said target block and said at least one model based on said cost; and

    detecting an intrusion masquerade based on said degree of fit.

View all claims
  • 6 Assignments
Timeline View
Assignment View
    ×
    ×