Proceedings Article

An Intrusion-Detection Model

TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Book Chapter

MVS-SAT: a security administration tool to support SMF protocol data evaluation

TL;DR: A tool called MVS-SAT is presented which supports extraction, off-line analysis and evaluation of security-related data recorded by the System Management Facility running under MVS on IBM mainframe computers.
Proceedings Article

Multi agent based intrusion detection architecture for the IDS adaptation over time

TL;DR: This work proposes an agent based architecture that can adapt the IDS to the future threats, and addresses a problem that current intrusion detection systems suffer.

A neutral network classifier based design support system (NNCDSS) for network intrusion detection and response

TL;DR: This model uses an emerging semi-parametric learning algorithm called Modified Probabilistic Neural Network to capture both attacks' signatures as well as normal system usage behaviours to create a classifier based decision support component for an intrusion detection system.
Proceedings Article

SECODA: Segmentation- and Combination-Based Detection of Anomalies

TL;DR: In this article, a general-purpose unsupervised non-parametric anomaly detection algorithm for datasets containing continuous and categorical attributes is proposed, which is guaranteed to identify cases with unique or sparse combinations of attribute values.