Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Proceedings Article
Digital signature to help network management using principal component analysis and K-means clustering
TL;DR: Two methods to generate a digital signature capable of describing the traffic behavior are proposed, using the statistical method Principal Component Analysis (PCA) and the clustering algorithm K-Means.
Proceedings Article
Mimicry Honeypot: A Brief Introduction
TL;DR: The mimicry concept is introduced into network defense, the concepts of protective coloration and warning coloration for cyber defense are defined, and a mimicry honeypot model is formalized, which can perceive and adapt to changes in the network service and perform better camouflage.
Proceedings Article
Finding Needle in the Case-Stack: Effective Remote Monitoring of Courts
TL;DR: The proposed system shows high accuracy in flagging anomalous cases, reduces the overall volume of information generated by the system and can help target several of the key reasons behind case pendency while bringing much needed transparency to the overall case-flow.
Proceedings Article
Attack and Fault Identification in Electric Power Control Systems: An Approach to Improve the Security
Maurilio Pereira Coutinho, Germano Lambert-Torres, L.E.B. da Silva, J.G.B. da Silva, Joaquim Gonçalves Costa Neto, E. da Costa Bortoni, Horst Lazarek +6 more
TL;DR: A technique to extract rules in order to identify attacks and faults to improve security of electric power control systems by using rough sets classification algorithm, offering a more compact set of examples to fix the rules to the anomaly detector.
Proceedings Article
Intrusion Detection System for IP Multimedia Subsystem using K-Nearest Neighbor classifier
Ashfaq Hussain Farooqi, Ali Munir +1 more
TL;DR: This paper presents a new approach, keeping a vision of a secure IMS, based on an intrusion detection system (IDS) using k-nearest neighbor (KNN) as the classifier, which effectively detects intrusive attacks and achieves a low false positive rate.