Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Proceedings Article
Design and analysis of an adaptive, global strategy for detecting and mitigating distributed DoS attacks in grid environments
TL;DR: This paper proposes a progressive, globally deployable sentinel scheme for data sampling, packet inspection, and DoS attack detection and recovery, and shows a significant improvement in how the network deals with DoS attacks, in comparison to local DoS detection and prevention schemes.
Journal Article
An adaptive approach to granular real-time anomaly detection
Chin-Tser Huang, Jeff Janies +1 more
TL;DR: Fates views the monitored network as a collection of individual hosts instead of as a single autonomous entity and uses a dynamic, individual threshold for each monitored host, such that it can differentiate between characteristics of individual hosts and can independently assess their threat to the network.
Dissertation
Anomaly detection of web-based attacks
TL;DR: This dissertation details the use of anomaly-based methods to detect attacks against web servers and applications using a large data set of real-world traffic belonging to a web application of great dimensions hosted in production servers of a Portuguese ISP.
Proceedings Article
MISUSE DETECTION - An Iterative Process vs. A Genetic Algorithm Approach
TL;DR: This position paper presents an iterative process for doing misuse detection, and compares it with another approach for doing that: a Genetic Algorithm.
Proceedings Article
Intrusion detection based on Core Vector Machine and ensemble classification methods
TL;DR: A combined algorithm based on Principal Component Analysis (PCA) and Core Vector Machine (CVM), which is an extremely fast classifier, is proposed for intrusion detection.