Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Book Chapter
Traffic anomaly detection and characterization in the Tunisian national university network
TL;DR: An anomaly detection system derived from the anomaly detection schema presented by Mei-Ling Shyu and based on periodic SNMP data collection is presented and it is shown that anomalies were prevalent in the TNUN network and that most anomalies lasted less than five minutes.
Journal Article
Fatal injection: a survey of modern code injection attack countermeasures
TL;DR: This paper examines and categorizes the countermeasures developed to detect the various attack forms of code injection attacks and identifies two distinct categories, based on nonfunctional characteristics that are considered critical when creating security mechanisms.
Proceedings Article
Detecting malicious Java code using virtual machine auditing
TL;DR: A thread-level auditing facility for the Java Virtual Machine and an intrusion detection tool that uses audit data generated by this facility to detect attacks by malicious Java code are developed.
Iterative Window Size Estimation on Self-Similarity Measurement for Network Traffic Anomaly Detection
TL;DR: The result has shown that this iterative method is able to estimate an optimum window size capable of reducing detection loss probability and maintaining a low error rate.
Proceedings Article
Research on intrusion detection technology based on deep learning
Shan Ding, Genying Wang +1 more
TL;DR: A deep neural network (DNN) model is proposed to identify anomalies in network data to detect intrusion and results show that the performance of the model is better than the other models.