Proceedings ArticleDOI

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Proceedings ArticleDOI

Digital signature to help network management using principal component analysis and K-means clustering

TL;DR: Two methods to generate a digital signature capable of describing the traffic behavior are proposed, using the statistical method Principal Component Analysis (PCA) and the clustering algorithm K-Means.
Proceedings ArticleDOI

Mimicry Honeypot: A Brief Introduction

TL;DR: The mimicry concept is introduced into network defense, the concepts of protective coloration and warning coloration for cyber defense are defined, and a mimicry honeypot model is formalized that can perceive and adapt to changes in the network service and thereby perform better camouflage.
Proceedings ArticleDOI

Finding Needle in the Case-Stack: Effective Remote Monitoring of Courts

TL;DR: The proposed system shows high accuracy in flagging anomalous cases, reduces the overall volume of information generated by the system and can help target several of the key reasons behind case pendency while bringing much needed transparency to the overall case-flow.
Proceedings ArticleDOI

Attack and Fault Identification in Electric Power Control Systems: An Approach to Improve the Security

TL;DR: A technique to extract rules for identifying attacks and faults, in order to improve the security of electric power control systems, using the rough sets classification algorithm; it offers a more compact set of examples from which to fit the rules of the anomaly detector.
Proceedings ArticleDOI

Intrusion Detection System for IP Multimedia Subsystem using K-Nearest Neighbor classifier

TL;DR: This paper presents a new approach to securing IMS based on an intrusion detection system (IDS) that uses the k-nearest neighbor (KNN) algorithm as its classifier, which effectively detects intrusive attacks and achieves a low false positive rate.