Proceedings Article

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations

Widespread internet attacks: defense-oriented evolution and countermeasures

TL;DR: This dissertation investigates intelligent DDoS attacks that aim to infer the architecture of DDoS-defending Secure Overlay Forwarding Systems (SOFS) in order to launch attacks more efficiently than ordinary random DDoS attacks.
Journal Article

Using data field to analyze network intrusions

TL;DR: Wang et al. propose a new approach to detecting network attacks by transforming network connections into data points in the feature space; these points form a field called the data field, and each incoming data object obtains an amount of potential energy from the field, from which the class of that object can be recognized.
Book Chapter

Design of Adaptive IDS with Regulated Retraining Approach

TL;DR: An adaptive IDS model using a regulated retraining approach based on the severity of changes in network traffic is proposed, which is able to improve detection accuracy and reduce false alarms.
Journal Article

A Two-Layer Markov Chain Anomaly Detection Model

TL;DR: A new two-layer detection model is proposed, which can depict the dynamic activity of the protected process more exactly than a single-layer frame, and can raise the detection rate and lower the false alarm rate.