Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Dissertation
Applicability analysis of intrusion detection and prevention in automotive systems
TL;DR: It is concluded that the diversity of automotive architectures makes it difficult to produce a model of a complete car that is detailed yet generalizable and sufficient, and any successful automotive IDPS will have to be based on common ground at a lower level, e.g. the CAN or FlexRay buses.
Dissertation
Machine learning and feature engineering for computer network security
TL;DR: This thesis presents a framework for automatically constructing relevant features suitable for machine learning directly from network traffic, and tests the effectiveness of the framework by applying it to three cyber security problems: HTTP tunnel detection, DNS tunnel detection, and traffic classification.
Book Chapter
Intrusion-Tolerant Security Servers for Delta-4
Laurent Blain, Yves Deswarte +1 more
TL;DR: This paper describes a new approach for security in open distributed systems based on a fragmentation-scattering technique applied to a security server running on several security sites such that intrusions into a number of sites less than a given threshold have no consequence on the global security.
Book
Computation, Cryptography, and Network Security
TL;DR: This book will appeal to operations research analysts, engineers, community decision makers, academics, the military community, practitioners sharing the current state-of-the-art, and analysts from coalition partners.
Book Chapter
G-means: a clustering algorithm for intrusion detection
TL;DR: A heuristic clustering algorithm called G-means is presented for intrusion detection, which is based on density-based clustering and K-Means and overcomes the shortcomings of K-Means.