We present a method to learn automaton models that are more robust to input modifications. It iteratively aligns sequences to a learned model, modifies the sequences to their aligned versions, and re-learns the model. Automaton learning algorithms are typically very good at modeling the frequent behavior of a software system. Our solution can be used to also learn the behavior present in infrequent sequences, as these will be aligned to the frequent ones represented by the model. We apply our method to the SAGE tool for modeling attacker behavior from intrusion alerts. In experiments, we demonstrate that our algorithm learns models that can handle noise such as added and removed symbols from sequences. Furthermore, it learns more concise models that fit better to the training data.
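The align-and-relearn loop described above, as an added toy example that is not code from the paper or from SAGE. It assumes a frequency-pruned transition (bigram) model as a stand-in for the learned automaton, a unit cost for each inserted or deleted symbol, and constructed alert-category sequences; all function names and parameters are hypothetical.

```python
import heapq
from collections import Counter

START, END = "^", "$"  # assumed markers; must not occur as alert symbols

def learn(seqs, min_count):
    """Toy learner: keep symbol-to-symbol transitions seen >= min_count times."""
    counts = Counter()
    for s in seqs:
        path = (START, *s, END)
        counts.update(zip(path, path[1:]))
    return {t for t, c in counts.items() if c >= min_count}

def align(seq, model, max_cost):
    """Cheapest accepted rewrite of seq (insert/delete cost 1 each), or None."""
    heap, seen = [(0, 0, START, ())], set()
    while heap:
        cost, i, q, out = heapq.heappop(heap)
        if i == len(seq) and (q, END) in model:
            return out
        if (i, q) in seen:
            continue
        seen.add((i, q))
        if i < len(seq) and (q, seq[i]) in model:   # symbol fits the model
            heapq.heappush(heap, (cost, i + 1, seq[i], out + (seq[i],)))
        if cost < max_cost:
            if i < len(seq):                         # drop an added symbol
                heapq.heappush(heap, (cost + 1, i + 1, q, out))
            for a, b in model:                       # restore a removed symbol
                if a == q and b != END:
                    heapq.heappush(heap, (cost + 1, i, b, out + (b,)))
    return None

def robust_learn(seqs, min_count=2, max_cost=1, max_iter=10):
    """Learn, align every sequence to the model, re-learn, until stable."""
    seqs = [tuple(s) for s in seqs]
    for _ in range(max_iter):
        model = learn(seqs, min_count)
        aligned = [s if (r := align(s, model, max_cost)) is None else r for s in seqs]
        if aligned == seqs:
            break
        seqs = aligned
    return learn(seqs, min_count), seqs

# Constructed sample: three clean attack traces plus two noisy variants.
CLEAN = ("scan", "exploit", "exfil")
TRAIN = [CLEAN] * 3 + [("scan", "exploit", "noise", "exfil"), ("scan", "exfil")]

if __name__ == "__main__":
    model, seqs = robust_learn(TRAIN)
    print(len(learn(TRAIN, 1)), "transitions before,", len(model), "after")
```

Sequences that cannot be aligned within `max_cost` edits are left unchanged, so rare but genuinely different behavior is not forced onto the frequent paths.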