Proceedings Article

An Intrusion-Detection Model

Abstract
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.


Citations
Proceedings Article

Leveraging USB to Establish Host Identity Using Commodity Devices

TL;DR: This paper considers how to leverage the virtually ubiquitous USB interface to uniquely identify computers based on the characteristics of their hardware, firmware, and software stacks and generates fingerprints that can be used to uniquely and consistently identify 70% of a field of 30 machines that share identical OS and hardware specifications.
Journal Article

Evaluation of the diagnostic capabilities of commercial intrusion detection systems

TL;DR: In this paper, the authors describe a testing environment for commercial intrusion-detection systems, show results of an actual test run, and present a number of conclusions drawn from the tests.
Journal Article

Hancock: A language for analyzing transactional data streams

TL;DR: The obstacles to computing signatures from massive streams are described, and Hancock, a domain-specific language created to express computationally efficient signature programs cleanly, is explained.
Proceedings Article

A Neuro-Fuzzy Approach for Intrusion Detection in Energy Efficient Sensor Routing

TL;DR: The proposed model discusses how the anomaly detection scheme is improved using a neuro-fuzzy approach and how the system lifetime, measured by FND (first node dead) and HNA (half node alive), is improved when contrasted with different protocols.
Book Chapter

Inferring mixtures of Markov chains

TL;DR: The problem of inferring a “mixture of Markov chains” based on observing a stream of interleaved outputs from these chains is defined and a sharp characterization of the inference process is shown.