Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
WIDS Using Flow Based Approach
TL;DR: The proposed Wireless Intrusion Detection System (WIDS) is designed to be mostly flow-based, with packet-based inspection in certain circumstances, which lets it cope with the ever-growing amount of data on the network and helps minimize the resource consumption seen in fully packet-based systems.
Proceedings Article
INTRUSION DETECTION AND RESPONSE TO AUTOMATED ATTACKS - An Overview of Automated Threats To Computer Infrastructure
TL;DR: Current risk due to the latest automated attack technology is highlighted and historical and current research is applied to show the information security approach to detecting and preventing these types of attacks.
Journal Article
Security management of mutually trusted domains through cooperation of defensive technologies
Shang-Juh Kao, Lai-Ming Shiue +1 more
TL;DR: In this paper, different administrative networks are joined to form a federated network environment called a trusted domain, and results show that, by sharing defensive information, the firewall system can successfully detect and filter repeated intrusions.
Proceedings Article
Detection of DoS attacks using intrusion detection sensors
TL;DR: This paper proposes work that will attempt to show that it is possible to perform intrusion detection of DoS attacks using small sensors embedded in a computer system, which look for signs of specific intrusions while the Snort IDS is running.
Proceedings Article
Visualizing graph features for fast port scan detection
TL;DR: The integrated approach uses graph modeling and preprocessing to make visual displays easy to comprehend, and uses human intervention to avoid solving NP-hard computational problems while still providing real-time visualization.