Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Proceedings Article
Identifying positioning-based attacks against 3D printed objects and the 3D printing process
TL;DR: This paper considers attack scenarios and discusses where attacks that change printing orientation can occur in the process, and an imaging-based solution to combat this problem is presented.
Posted Content
Polygraph: Accountable Byzantine Agreement.
TL;DR: Polygraph is introduced, the first accountable Byzantine consensus algorithm, and it is shown that a commonly used state-of-the-art Byzantine fault tolerance consensus algorithm cannot be made accountable without storing and exchanging extra logs of at least Ω(n) rounds.
Proceedings Article
A self-organizing map and its modeling for discovering malignant network traffic
TL;DR: Model-based intrusion detection and knowledge discovery are combined to cluster and classify P2P botnet traffic and other malignant network activity by using a Self-Organizing Map self-trained on denied Internet firewall log entries.
A Novel Classification via Clustering Method for Anomaly Based Network Intrusion Detection System
TL;DR: A novel classification via sequential information bottleneck (sIB) clustering algorithm has been proposed to build an efficient anomaly-based network intrusion detection model, and results show that the proposed method is efficient in terms of detection accuracy and low false positive rate in comparison to the other existing methods.
Proceedings Article
Enhancing survivability of security services using redundancy
TL;DR: This paper advocates the use of redundancy to increase survivability by using multiple methods to implement each security attribute and doing so in ways that can vary unpredictably.