Proceedings ArticleDOI

An Intrusion-Detection Model

Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
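The abstract describes the model's three parts: per-subject profiles built from metrics and statistical models, rules that learn those profiles from audit records, and rules that report anomalous behavior. The following Python is an added illustration written for this page, not code from Denning's paper or from any system it describes. It assumes its own audit-record layout (day, subject, action, object, exception condition), its own thresholds (a 3-sigma band with a minimum width, five days of history before a profile is trusted, three failed logins per day), and constructed sample data; each profile keys on (subject, action, object), keeps an event counter under a mean/standard-deviation model, and two activity rules produce anomaly records, one statistical and one operational (a fixed limit that needs no history).

```python
# Added example, not from Denning's paper: a small detector built on the model
# the abstract describes. Profiles keyed by (subject, action, object) hold an
# event counter under a mean/stdev model; two activity rules raise anomalies.
# Record format, thresholds and sample data are this example's own choices.
from collections import defaultdict
from dataclasses import dataclass
import math

@dataclass(frozen=True)
class AuditRecord:
    day: str
    subject: str
    action: str
    obj: str
    exception: str  # "ok" or an error condition such as "denied"

def parse_audit_log(text):
    """One record per line: day subject action object exception."""
    return [AuditRecord(*line.split()) for line in text.strip().splitlines()]

@dataclass
class Profile:
    """Mean/stdev model of one per-day event counter, updated online (Welford)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0  # running sum of squared deviations

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def stdev(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

    def is_abnormal(self, x, k=3.0, min_obs=5, min_band=1.0):
        # Statistical rule: x outside mean +/- k*stdev, but only once min_obs
        # days exist, and never with a band narrower than min_band (a constant
        # history would otherwise flag any change at all).
        if self.n < min_obs:
            return False
        return abs(x - self.mean) > k * max(self.stdev(), min_band)

class Detector:
    def __init__(self, failed_login_limit=3):
        self.profiles = defaultdict(Profile)  # key: (subject, action, object)
        self.failed_login_limit = failed_login_limit

    def process_day(self, records):
        """Apply both activity rules to one day's records and return anomaly
        records as (rule, subject, detail) tuples; then learn from the day."""
        counts, failed_logins = defaultdict(int), defaultdict(int)
        for r in records:
            counts[(r.subject, r.action, r.obj)] += 1
            if r.action == "login" and r.exception != "ok":
                failed_logins[r.subject] += 1
        anomalies = []
        # Operational model: a fixed limit that needs no history.
        for subject, f in sorted(failed_logins.items()):
            if f >= self.failed_login_limit:
                anomalies.append(("operational", subject, f"{f} failed logins"))
        # Mean/stdev model over every known or new key; a key with no events
        # today still contributes an observation of 0 to its profile.
        for key in sorted(set(self.profiles) | set(counts)):
            x, profile = counts.get(key, 0), self.profiles[key]
            if profile.is_abnormal(x):
                subject, action, obj = key
                anomalies.append(("statistical", subject,
                                  f"{action} {obj} {x} times, mean {profile.mean:.1f}"))
                continue  # do not let a suspected intrusion retrain the profile
            profile.update(x)
        return anomalies

def constructed_training_log():
    """Six quiet days (constructed data): alice logs in once and reads
    payroll two or three times; bob logs in once."""
    lines = []
    for i, reads in enumerate([2, 3, 2, 3, 2, 3], start=1):
        lines.append(f"d{i} alice login host01 ok")
        lines += [f"d{i} alice read payroll ok"] * reads
        lines.append(f"d{i} bob login host01 ok")
    return "\n".join(lines)

# Day 7 (constructed): alice reads payroll nine times, bob fails three logins.
DAY7_LOG = "\n".join(["d7 alice login host01 ok"]
                     + ["d7 alice read payroll ok"] * 9
                     + ["d7 bob login host01 denied"] * 3)

def run_demo():
    """Train on the quiet days, then score day 7; returns both anomaly lists."""
    detector, by_day = Detector(), defaultdict(list)
    for r in parse_audit_log(constructed_training_log()):
        by_day[r.day].append(r)
    training = [a for day in sorted(by_day) for a in detector.process_day(by_day[day])]
    return training, detector.process_day(parse_audit_log(DAY7_LOG))
```

Calling `run_demo()` returns no anomalies for the six training days and two for day 7: an operational anomaly for bob's three failed logins and a statistical one for alice reading payroll nine times against a learned mean of 2.5. Two caveats follow directly from the model: a profile with no history (a subject touching an object for the first time) is silent under the statistical rule, which is why the fixed operational rule is kept alongside it; and a profile that keeps learning from flagged days would slowly absorb an intrusion into "normal", so the example withholds the update when a day is flagged, at the cost of never adapting if the flag was a false alarm.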


Citations

A study of artificial immune systems applied to anomaly detection

TL;DR: The experimental results show that the proposed representations along with the proposed algorithms provide some advantages over the binary negative selection algorithm, including improved scalability, more expressiveness that allows the extraction of high-level domain knowledge, non-crisp distinction between normal and abnormal, and better performance in anomaly detection.
Journal ArticleDOI

MARK-ELM

TL;DR: The novel Multiple Adaptive Reduced Kernel Extreme Learning Machine (MARK-ELM) is introduced, which combines Multiple Kernel Boosting with multiclass KELM for network intrusion detection, improving detection efficacy on data that contains instances of multiple classes of attacks.
Proceedings ArticleDOI

An immuno-fuzzy approach to anomaly detection

TL;DR: This paper presents a new technique for generating a set of fuzzy rules that can characterize the non-self space (abnormal) using only self (normal) samples and shows the applicability of this approach to the anomaly detection problem.
Book ChapterDOI

Accurate buffer overflow detection via abstract payload execution

TL;DR: An approach that accurately detects buffer overflow code in a request's payload by concentrating on the sledge (NOP sled) of the attack: a long code segment that simply moves the program counter towards the exploit code that immediately follows it, used by attackers to increase the chances of a successful intrusion.
DissertationDOI

Revisiting anomaly-based network intrusion detection systems

TL;DR: SilentDefense is the first systematic attempt to develop an anomaly-based intrusion detection system with a high degree of usability; it outperforms competitors not only in attack detection and false alert rates but also in the user effort it requires.