Related Work

• Pattern-matching based approaches

  • [Porras and Kemmerer 92] [Kumar 95] [Ko 94]
  • employ offline matching, still can benefit from our faster algorithms

• System call interception/interposition

  • [GWTB 96] [MLO 97] [GPRA 98] [FBF 99]
  • do not focus on robust behavioral specification languages

• Source-code analysis/instrumentation for intrusion prevention

  • [Cowan et al 98], …

• Behavior specification languages

  • CSP, LOTOS, Esterel, TSL, Rapide, …
  • our focus is on balancing expressive power with fast detection

Previous slide

Next slide

Back to first slide

View graphic version