Proceedings ArticleDOI

An Intrusion-Detection Model

Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
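The abstract names the parts of the model (profiles of subjects with respect to objects, metrics, statistical models, rules that learn from audit records and flag anomalies) but not how they fit together at run time. The following is an added example, not code from the paper: a small Python implementation of two of the statistical models the paper describes, the operational model (an event count compared against a fixed limit) and the mean-and-standard-deviation model, driven by audit records in the paper's six-field shape (subject, action, object, exception condition, resource usage, time stamp). The profile keys, the thresholds (k = 3 standard deviations, at most 3 exception conditions per subject in 60 seconds, 5 observations before a profile is trusted) and the sample audit trail are constructed for illustration and are not taken from the paper.

```python
"""Denning-style anomaly detection over audit records (added example, not the paper's code)."""
import math
from collections import defaultdict, deque, namedtuple

# Audit record in the six-field shape the model uses:
# <Subject, Action, Object, Exception-Condition, Resource-Usage, Time-stamp>
AuditRecord = namedtuple("AuditRecord", "subject action obj exception resource time")
Alert = namedtuple("Alert", "time subject model detail")


class MeanStdDevProfile:
    """Mean and standard deviation model for one resource-usage metric.

    Statistics are updated online (Welford's algorithm), so the profile stores no
    history. An observation more than k standard deviations from the mean is
    anomalous once at least min_samples observations have been learned.
    """

    def __init__(self, k=3.0, min_samples=5):
        self.k, self.min_samples = k, min_samples
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def stddev(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0

    def is_anomalous(self, x):
        if self.n < self.min_samples:        # too little history to judge
            return False
        sd = self.stddev()
        if sd == 0.0:                        # constant history: any change stands out
            return x != self.mean
        return abs(x - self.mean) > self.k * sd

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)


class OperationalProfile:
    """Operational model for an event counter: more than `limit` events inside a
    sliding window of `window` time units is anomalous."""

    def __init__(self, limit=3, window=60):
        self.limit, self.window = limit, window
        self.times = deque()

    def record(self, t):
        """Record one event at time t; return True if the window now exceeds the limit."""
        self.times.append(t)
        while self.times and t - self.times[0] > self.window:
            self.times.popleft()
        return len(self.times) > self.limit


def detect(records, k=3.0, min_samples=5, fail_limit=3, window=60):
    """Acquire profiles from the audit trail and emit alerts for anomalous records.

    Two rules, each with its own profile key (assumed here, not prescribed by the paper):
      * resource usage per (subject, action, object)  -> mean/stddev model
      * exception conditions per subject              -> operational model
    Each record is judged against the profile as it stood before the record, then learned.
    """
    usage = defaultdict(lambda: MeanStdDevProfile(k, min_samples))
    exceptions = defaultdict(lambda: OperationalProfile(fail_limit, window))
    alerts = []
    for r in records:
        if r.exception is not None:
            if exceptions[r.subject].record(r.time):
                alerts.append(Alert(r.time, r.subject, "operational",
                                    f"more than {fail_limit} '{r.exception}' in {window}s"))
            continue
        prof = usage[(r.subject, r.action, r.obj)]
        if prof.is_anomalous(r.resource):
            alerts.append(Alert(r.time, r.subject, "mean/stddev",
                                f"{r.action} {r.obj}: usage {r.resource} vs mean "
                                f"{prof.mean:.1f}, sd {prof.stddev():.2f}"))
        prof.update(r.resource)
    return alerts


# Constructed sample audit trail (not real data): alice compiles with steady CPU use and
# then one extreme value; bob fails five logins in 40 seconds; dave fails twice, then succeeds.
SAMPLE_AUDIT = [
    AuditRecord("alice", "execute", "cc", None, 10, 1000),
    AuditRecord("alice", "execute", "cc", None, 12, 1010),
    AuditRecord("alice", "execute", "cc", None, 11, 1020),
    AuditRecord("alice", "execute", "cc", None, 13, 1030),
    AuditRecord("alice", "execute", "cc", None, 10, 1040),
    AuditRecord("alice", "execute", "cc", None, 12, 1050),
    AuditRecord("alice", "execute", "cc", None, 11, 1060),
    AuditRecord("alice", "execute", "cc", None, 400, 1070),
    AuditRecord("bob", "login", "host1", "bad-password", 0, 1100),
    AuditRecord("bob", "login", "host1", "bad-password", 0, 1110),
    AuditRecord("bob", "login", "host1", "bad-password", 0, 1120),
    AuditRecord("bob", "login", "host1", "bad-password", 0, 1130),
    AuditRecord("bob", "login", "host1", "bad-password", 0, 1140),
    AuditRecord("dave", "login", "host1", "bad-password", 0, 1300),
    AuditRecord("dave", "login", "host1", "bad-password", 0, 1310),
    AuditRecord("dave", "login", "host1", None, 0, 1320),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_AUDIT):
        print(a)
```

On the sample trail this raises one mean/stddev alert for alice at time 1070 and two operational alerts for bob (at 1130 and 1140), and none for dave. Two caveats follow from the model itself: a profile learned from every record can be shifted gradually by a subject who ramps up activity slowly enough to stay inside k standard deviations at each step, and a profile is blind until it has seen min_samples observations, so the first records of a new subject or object are never judged.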


Citations
Book ChapterDOI

Intrusion-Tolerant Intrusion Detection System

TL;DR: This paper proposes a novel intrusion-tolerant IDS that uses communication-induced checkpointing and pessimistic message logging, so that when a failed agent is restarted it can recover its previous state and resume operation unaffected.

Analysis of a SCADA System Anomaly Detection Model Based on Information Entropy

Jesse G Wales
TL;DR: This research uses information theory to build an anomaly detection model that quantifies the uncertainty of the system based on alarm message frequency and evaluates the use of information theory for anomaly detection and the impact of different attack scenarios.

Impact Modeling and Prediction of Attacks on Cyber Targets (Preprint)

TL;DR: In this article, the authors present a methodology for encoding IT infrastructure, organizational mission and their correlations, together with their analysis framework and initial experimental results and conclusions; the results can be used to formulate IT security strategies and explore their trade-offs, leading to better incident response.

Dissertation

Design and Implementation of an Intrusion-Tolerant Architecture for Internet Servers

Ayda Saidane
TL;DR: In this dissertation, a generic architecture for intrusion-tolerant Internet servers is proposed, based on redundancy and diversification principles, to increase the system's resilience to attacks: an attack is usually targeted at particular software running on a particular platform, and fails on others.

Proceedings ArticleDOI

A novel interacting multiple model based network intrusion detection scheme

TL;DR: This paper shows, using collected data, that network traffic is seldom stationary, and proposes the use of multiple interacting models to represent the traffic data accurately, which improves the reliability of the proposed detection scheme.