Proceedings ArticleDOI
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Journal ArticleDOI
DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks
TL;DR: A system model for IDN nodes in terms of their logical components, functions, and communication channels is introduced, and a countermeasure allocation model based on a multi-objective optimization algorithm is introduced to obtain optimal allocation strategies that minimize both risk and cost.
Journal ArticleDOI
IDSIC: an intrusion detection system with identification capability
Pei-Te Chen, Chi-Sung Laih +1 more
TL;DR: This paper is motivated to extend a current IDS functionality with Identification Capability, called IDSIC, based on the auditing viewpoint to separate auditing traffic from malicious attacks to ensure a more stable system performance during the security examination process.
Journal ArticleDOI
Intrusion detection using artificial neural network with reduced input features
Ganesh Kumar P, Devaraj D +1 more
TL;DR: This paper investigates the application of the Feed Forward Neural Network trained by the Back Propagation algorithm for intrusion detection; a Mutual Information based Feature Selection method is used to identify the important features of the network.
A Semantic Approach to Evaluate the Impact of Cyber Actions to the Physical Domain.
TL;DR: A Cyber Situation ontology (in OWL language) and a methodology for mapping the cyber and the physical domains are developed, using a combination of open standards protocols and semantic technologies.
Proceedings ArticleDOI
Automated detection of malicious reconnaissance to enhance network security
TL;DR: This paper presents a novel technique for the automated detection of malicious network reconnaissance in a live network and suggests it can serve as a warning of future attacks and may provide clues as to the identity of the attacker.