Proceedings ArticleDOI

An Intrusion-Detection Model

Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Book ChapterDOI

Design of a Snort-Based Hybrid Intrusion Detection System

TL;DR: This paper presents a new anomaly pre-processor that extends the functionality of Snort IDS, making it a hybrid IDS.
Proceedings ArticleDOI

Dimensionality Reduction and Attack Recognition using Neural Network Approaches

TL;DR: Modular neural network models based on principal component analysis (PCA) neural networks and multilayer perceptrons (MLP) are applied to detect and recognize attacks in computer networks and demonstrate that the designs are promising in terms of accuracy and computational time for real world intrusion detection.
Book ChapterDOI

Uncertainty and Risk Management in Cyber Situational Awareness

TL;DR: This chapter surveys existing technologies in handling uncertainty and risk management in cyber situational awareness in order to identify and prevent real attacks through appropriate risk management.
Journal ArticleDOI

Statistical Learning for Anomaly Detection in Cloud Server Systems: A Multi-Order Markov Chain Framework

TL;DR: The testing results show that the multi-order approach is able to produce more effective indicators: in addition to the absolute values given by an individual single-order model, the changes in ranking positions of outputs from different-order ones also correlate closely with abnormal behaviours.