Proceedings Article

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Proceedings Article

Robust consensus-based network intrusion detection in presence of Byzantine attacks

TL;DR: In this paper, the authors proposed two mitigation techniques to protect the consensus-based Network Intrusion Detection System in wireless and sensor networks, spectrum sensing for cognitive radio, even for some IoT services.
Dissertation

Discovery of Triggering Relations and Its Applications in Network Security and Android Malware Detection

Hao Zhang
TL;DR: This dissertation addresses the problem of detecting the network anomalies on a single device by inferring the traffic dependence to ensure the root-triggers and proposes a dependence model for illustrating the network traffic causality.

Use of Entropy for Feature Selection with Intrusion Detection System Parameters

Proceedings Article

A spatial correlation-based hybrid method for intrusion detection

TL;DR: The proposed IDS reduces the dimension of network data flow by spatial correlation-based dimension reduction method (SCDR) and improves the effectiveness of intrusion detection, and the negative feedback learning method can also improve the generalization ability of IDS.
Proceedings Article

Anomaly detection boundary based on the moving averages of Markov chain model

TL;DR: In the anomaly event detection and recognition, the moving relative entropy density deviation method is introduced to solve the problem of deviation caused by the difference between the training Markov chain model's distribution and the real data's distribution.