Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Proceedings Article
Leveraging Optimization Methods for Dynamically Assisted Control-Flow Integrity Mechanisms
TL;DR: A mechanism for including program flow verification in DBMs that uses asynchronous analysis and applies different parallel-programming techniques that leverage current multi-core systems to control the overhead of the authors' analysis is presented.
Proceedings Article
Reliability-based updating strategies of cyber infrastructures
Chong Wang, Yunhe Hou +1 more
TL;DR: Considering stochastic characteristics of cyberattacks, a reliability-based cost-effective updating model for cyber infrastructures is formulated and the optimal updating strategy balances the system reliability and the cost caused by updating cyber infrastructure.
A Scalable Classifier for Intrusion Detection in Adhoc Networks
TL;DR: This paper presents Supervised Learning In Quest (SLIQ), a fast scalable classifier for detecting intrusion, which is used in intrusion detection systems for mobile adhoc networks.
A fusion of ICA and SVM for detection computer attacks
TL;DR: An intrusion detection method is discussed that proposes feature selection heuristics based on independent component analysis and uses a support vector machine to classify the data.
Proceedings Article
Internal Network Monitoring and Anomaly Detection through Host Clustering.
TL;DR: It is argued that a behavioural model for each cluster, compared to a model for each host or a single model for all hosts, performs better in terms of detecting potentially malicious behaviour, and it is shown that by applying this concept to internal network traffic, the detection performance for identifying malicious flows and hosts increases.