Proceedings Article

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Journal Article

Network intrusion detection in covariance feature space

TL;DR: This paper directly utilizes the covariance matrices of sequential samples to detect multiple network attacks, and constructs a covariance feature space where the correlation differences among sequential samples are evaluated.
Journal Article

Information security model of block chain based on intrusion sensing in the IoT environment

TL;DR: In this paper, intrusion detection technology is applied to a block chain information security model, and the results show that the proposed model has higher detection efficiency and fault tolerance.
Book Chapter

Hiding Intrusions: From the Abnormal to the Normal and Beyond

TL;DR: In this paper, the authors examine two anomaly detectors based on the analysis of sequences of system calls and demonstrate that the general information hiding paradigm also applies in this area. Given even a fairly restrictive definition of normal behavior, they were able to devise versions of several exploits that escape detection.
Book Chapter

The feature selection and intrusion detection problems

TL;DR: An agent-based IDS architecture is presented that is capable of detecting probe attacks at the originating host and denial of service (DoS) attacks at the boundary controllers. It is demonstrated that, with appropriately chosen features, both probes and DoS attacks can be detected in real time or near real time at the originating host or at the boundary controllers.
Journal Article

Anomaly Network Intrusion Detection Based on Improved Self Adaptive Bayesian Algorithm

TL;DR: The proposed approach, applied to the security domain of anomaly-based network intrusion detection, correctly classifies different types of attacks in the KDD99 benchmark dataset with high classification rates and short response time, and reduces false positives using limited computational resources.