Skip to Main Content
Polymorphic attacks threaten to make many intrusion detection schemes ineffective. In order to address the threat of advanced attacks, model based techniques are required. In this paper we improve our Grammar Based Modeling techniques to be more resilient to attacks that change in form by using advanced classification techniques. Similarity distances from known models are input as features input to Support Vector Machines and other advanced classification techniques to provide improved classification performance. Results indicate promise for intrusion detection and response against polymorphic attack with minimal false alarms.