Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Proceedings Article
Reflecting on the Use of Sonification for Network Monitoring
TL;DR: This paper describes and reflects critically on the shortcomings of traditional network-monitoring methods and identifies the key role that sonification, if implemented correctly, could play in improving current monitoring capabilities.
Book Chapter
A Metamodel for Web Application Injection Attacks and Countermeasures
Hannes Holm, Mathias Ekstedt +1 more
TL;DR: The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker when deciding between different countermeasures for web application injection attacks.
Insider Threat: User Identification Via Process Profiling
TL;DR: An insider threat detection system based on the Naïve Bayes method which examines process usage data and creates individual profiles for users is developed and is able to determine who is controlling the workstation with high accuracy.
Journal Article
Research and Application of an improved Support Vector Clustering Algorithm on Anomaly Detection
Sheng Sun, Yuanzhen Wang +1 more
TL;DR: A novel weighted support vector clustering algorithm for anomaly detection is described; using the data sets of KDD Cup 99, it has excellent capability, and applying it in an intrusion detection system can be an effective approach.
Proceedings Article
Host-based intrusion detection by monitoring Windows registry accesses
TL;DR: The results of this study show that the proposed system is effective in detecting the behavior of malicious software and has a low rate of false alarms compared to other host-based intrusion detection systems.