Proceedings Article

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

Citations
Proceedings Article

An interacting automata model for network protection

TL;DR: Using the authors' model, empirical evidence that a link exists between the behavior of a network and its entropy is found, and potential extensions of this work to entropy-based intrusion detection systems (IDS) are discussed.
Dissertation

New Methods for Network Traffic Anomaly Detection

TL;DR: This thesis introduces a new problem, the Online Selective Anomaly Detection (OSAD) problem, to model the situation where the objective is to report new anomalies in the system and suppress known faults, and designs a new method for outlier detection based on spectral decomposition of the Hankel matrix.
Proceedings Article

Data-Driven Attack Anomaly Detection in Public Transport Networks

TL;DR: Through unsupervised machine learning, the daily data of the transportation system is clustered and a training model is established; improved accuracy is achieved through self-organizing mapping and ensemble learning.