Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
The Rule Based Intrusion Detection Model for User Behavior
Zakiya Malek, Bhushan Trivedi +1 more
TL;DR: The model periodically collects the log and BIDS detector to detect normal or abnormal activity and stores rules for intrusion in the rule engine of the system.
Dissertation
Contextual Profiling of Homogeneous User Groups for Masquerade Detection
TL;DR: Group profiling methods are evaluated as a contextual means to detect internal threats, specifically masquerade attacks, and a framework used for masquerade detection research is derived.
Proceedings Article
Intruders and intrusion detection systems — An overview
Awais Yousaf, Onaiza Yousaf +1 more
TL;DR: In an unending war between parallel advancements in technologies and evolutions of intruders, an intrusion detection system is always needed that works at each layer of the TCP/IP protocol stack and covers the entire spectrum of threats.
Proceedings Article
Distributed detection of network intrusions based on a parametric model
Yan-guo Wang, Xi Li, Weiming Hu +2 more
TL;DR: This paper presents a framework for distributed detection of network intrusions based on a parametric model that can explicitly reflect the distributions of different intrusion types and handle the mixed-attribute data naturally.