Proceedings Article
An Intrusion-Detection Model
Dorothy E. Denning
- pp 118-118
TLDR
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract:
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
Citations
Anomaly Intrusion Detection Techniques: A Brief Review
TL;DR: The various anomaly-based intrusion detection techniques reported in the literature are sorted by parameters such as their strengths and weaknesses, and directions toward intrusion detection methods based on ensembles of ML techniques are given.
Book Chapter
Towards the designing of a robust intrusion detection system through an optimized advancement of neural networks
TL;DR: The main objective of this research is to present an adaptive, flexible and optimized neural network architecture for an intrusion detection system that provides the potential to identify network activity in a robust way.
Journal Article
The importance of generalizability for anomaly detection
TL;DR: This article confirms that in anomaly detection, as in other forms of classification, a tight fit does not supersede model generality; this is shown using three systems, each with a different geometric bias in the decision space.
Proceedings Article
Supporting interoperability to heterogeneous IDS in secure networking framework
TL;DR: This paper designs an alert data format compatible with IDMEF and converts raw alert data to Ladon-alert data to support interoperability; it also designs and develops an integrated IDS on the gateway and a security control server on the higher-level class.
Proceedings Article
A Survey of Anomaly and Automation from a Cybersecurity Perspective
Michael Donevski, Tanveer A. Zia +1 more
TL;DR: The paper examines the literature and outlines research undertaken in the cybersecurity domain on combating unknown or previously unseen cyber-attacks, with a focus on autonomous management of anomalies.