Proceedings ArticleDOI

An Intrusion-Detection Model

TL;DR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Proceedings ArticleDOI

Integration Soft Computing Approach to Network Security

S. Srinoy
TL;DR: Empirical results clearly show that support vector machines and the rough set approach could play a major role in intrusion detection systems.
Dissertation

Intrusion Detection and Handling on XEN-Based Platforms

TL;DR: This work presents an approach to detect intrusion in Xen virtual machines, introducing a tool to monitor and block malicious or unwanted access to the system, named XenGuardian.
DissertationDOI

Protecting Communication Infrastructures Against Attacks with Programmable Networking Technology

Andreas Hess
TL;DR: A flexible overlay network of security systems running on top of programmable (active) routers is proposed, which provides flexibility for load-balancing of services across nodes and addition of new services over time.

Enhanced Prediction of Network Attacks Using Incomplete Data

TL;DR: The ability to accurately identify an attack and quantify the confidence level in the prediction could serve as the basis for a new generation of intrusion detection devices, devices that provide earlier and better alerts for administrators and allow more proactive response to events as they are occurring.
Book ChapterDOI

Clustering of Windows Security Events by Means of Frequent Pattern Mining

TL;DR: This paper summarizes the results obtained from applying data mining techniques to detect usual patterns of computer use, cluster the security audit trails of Windows systems, and extract useful behavior patterns.