Proceedings ArticleDOI

An Intrusion-Detection Model

Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Proceedings ArticleDOI

Analyzing the security of an existing computer system

TL;DR: Provides a basis for the “thought experiment” by writing a special manual for parts of the operating system, system programs, and library subroutines, and presents a mathematical proof that the system satisfies the security policy.
Journal ArticleDOI

Design of intrusion detection system based on improved ABC_elite and BP neural networks

TL;DR: The simulation on the NSL-KDD dataset shows that the intrusion detection system based on the IABC elite algorithm and the BP neural networks has good classification and high intrusion detection ability.

Detection of Denial of QoS Attacks on Diffserv Networks

TL;DR: In this article, the authors describe a method of detecting denial of Quality of Service (QoS) attacks on Differentiated Services (DiffServ) networks, focusing on real-time and quick detection, scalability to large networks, and a negligible false alarm generation rate.

Unboxing security analytics: towards effective data driven security operations

H. Slatman
TL;DR: This thesis addresses the challenges SOCs face these days by presenting a holistic approach to security operations: the conceptual model for Data Driven Security Operations, which consists of the following six facets: Situational Awareness, Threat Intelligence, Detection Methods, Response & Investigation, SOC Staff and SOC Infrastructure.

A Modified Genetic Algorithm and Switch-Based Neural Network Model Applied to Misuse-Based Intrusion Detection

Ian Stewart
TL;DR: This thesis outlines the creation of a powerful intrusion detection system (IDS) capable of detecting network attacks with results comparable to those achieved using ant colony optimization, and superior to those obtained with support vector machines and other genetic algorithms.