Finite state automata are helpful for depicting the states of a system and the relationships between them, from start to end. A finite state machine (FSM) can be represented either as a state chart or as a regular expression.
In the case of intrusion detection systems (IDS), going by the raw definition of an FSM, it is feasible to implement an FSM-based detection technique. Now let us assume that the detection technique is implemented using an FSM. Would that technique necessarily be misuse-based, or is it possible for it to be anomaly-based? In the misuse scenario, we normally store all the intrusions we have come across, try to match incoming intrusions against them, and raise an alarm on a match. In the anomaly scenario we do the opposite: the system is trained with the expected behavior. The expected series of behavior could be classified using the FSM.
Now the question is: if we use an FSM, is there a possibility of reducing the false alarm rate?
Beyond the advantages of using an FSM, the motive here is to understand the possibility of generating test cases from the IDS FSM.
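The anomaly scenario and the test-case idea above, as an added example that is not part of the original post: an FSM is learned from traces of expected behavior, deviations are flagged, and the same FSM is walked to produce test sequences that should and should not raise an alarm. The event names, the sample traces and the modelling choice that the state is the last observed event are assumptions of this sketch.

```python
from collections import defaultdict
START = "START"  # synthetic initial state (assumption of this example)
# Constructed sample traces of expected behavior, not real data.
TRACES = [["connect", "auth", "read", "close"],
          ["connect", "auth", "write", "close"],
          ["connect", "auth", "read", "write", "close"]]

def train_fsm(traces):
    """Learn the allowed transitions and accepting states from expected traces."""
    fsm, accepting = defaultdict(set), set()
    for trace in traces:
        state = START
        for event in trace:
            fsm[state].add(event)
            state = event              # state = last event observed
        accepting.add(state)
    return dict(fsm), accepting

def check(fsm, accepting, trace):
    """Return None if the trace is expected, else (index, event) of the anomaly."""
    state = START
    for i, event in enumerate(trace):
        if event not in fsm.get(state, ()):
            return (i, event)          # transition never seen in training
        state = event
    return None if state in accepting else (len(trace), "<end>")

def positive_tests(fsm, accepting, max_len=6):
    """Enumerate accepted sequences up to max_len; none should raise an alarm."""
    out, stack = [], [(START, [])]
    while stack:
        state, path = stack.pop()
        if path and state in accepting:
            out.append(path)
        if len(path) < max_len:
            stack.extend((ev, path + [ev]) for ev in fsm.get(state, ()))
    return sorted(out)

def negative_tests(fsm, accepting, max_len=6):
    """Cut each positive test at every step and append a forbidden event."""
    alphabet = {e for events in fsm.values() for e in events}
    out = []
    for path in positive_tests(fsm, accepting, max_len):
        state = START
        for i, ev in enumerate(path):
            forbidden = sorted(alphabet - fsm.get(state, set()))
            out.extend(path[:i] + [bad] for bad in forbidden)
            state = ev
    return out
```

The positive set measures false alarms (any alarm on it is a false positive of the implementation), while the negative set checks that every single-step deviation from the model is detected.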