Open Access
Computer security threat monitoring and surveillance
About: The article was published on 1980-01-01 and is currently open access. It has received 1132 citations to date.
Citations
Journal ArticleDOI
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Animesh Patcha,Jung-Min Park +1 more
TL;DR: This paper provides a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present and discusses recent technological trends in anomaly detection and identifies open problems and challenges in this area.
Journal ArticleDOI
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
TL;DR: ReVirt removes the dependency on the target operating system by moving that system into a virtual machine and logging below the virtual machine, which enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions.
Journal ArticleDOI
Network Anomaly Detection: Methods, Systems and Tools
TL;DR: This paper provides a structured and comprehensive overview of the various facets of network anomaly detection so that a researcher can quickly become familiar with every aspect of network anomaly detection.
Journal ArticleDOI
State transition analysis: a rule-based intrusion detection approach
TL;DR: The paper presents a new approach to representing and detecting computer penetrations in real time, called state transition analysis, which models penetrations as a series of state changes that lead from an initial secure state to a target compromised state.
Proceedings ArticleDOI
Intrusion detection via static analysis
David Wagner,R. Dean +1 more
TL;DR: It is shown how static analysis may be used to automatically derive a model of application behavior and the result is a host-based intrusion detection system with three advantages: a high degree of automation, protection against a broad class of attacks based on corrupted code, and the elimination of false alarms.