Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Design, Implementation, and Validation of a Self-Learning Intrusion Detection System
TL;DR: The design and the validation of an Anomaly based Network IDS, named Self Learning Intrusion Detection System (SLIDS), able to identify new ad hoc attacks is presented, highlighting its effectiveness in detecting different kinds of attacks.
Proceedings Article
Model-Based approach IDS design
TL;DR: This rule generator takes a physical model and converts it into a syntax understandable by the IDS and solves the difficulty of creating and maintaining handmade rules.
Journal Article
To Decrease the Issue of False Alarm Rate by Providing Authentication & Thus Improving the Efficiency of Intrusion Detection System by Comparing the Result of Filtered Clusterer Algorithm & Make-Density Based Clustering Algorithm without Attribute Count
TL;DR: A solution that detects a true person and eradicates false positives is introduced, and a solution for the same problem is offered using the KDD CUP 1999 data set.
Dissertation
The Use of Frequent Episodes in Intrusion Detection
TL;DR: This thesis evaluates compatibility of so-called frequent episodes to intrusion detection by studying various attacks and episodes constructed of the attacks’ events, and proposes a model for a new IDS on episodes built on episode discovery with sliding window and new episode analysis techniques, which are designed for intrusion detection.
An event based framework for facilitating database activity tracking
TL;DR: The goal of this paper is to propose which data should be collected before a security incident occurs, focusing on two parts: users at the operating-system level who have access either to the shared file system or directly to the operating system through a remote connection.