IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Anomaly Detection over Noisy Data using Learned Probability Distributions
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Estimating the Support of a High-Dimensional Distribution
Neural Computation
Intrusion detection using sequences of system calls
Journal of Computer Security
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support
LISA '03 Proceedings of the 17th USENIX conference on System administration
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Behavior-based modeling and its application to Email analysis
ACM Transactions on Internet Technology (TOIT)
Proceedings of the 4th ACM workshop on Recurring malcode
Automated known problem diagnosis with event traces
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Attack profiles to derive data observations, features, and characteristics of cyber attacks
Information-Knowledge-Systems Management
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection
Journal of Computer Security
Automatic misconfiguration troubleshooting with peerpressure
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Anomaly detection in computer security and an application to file system accesses
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
An email worm vaccine architecture
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
We present a host-based intrusion detection system (IDS) for Microsoft Windows. The core of the system is an algorithm that detects attacks on a host machine by looking for anomalous accesses to the Windows Registry. The key idea is to first train a model of normal registry behavior on a windows host, and use this model to detect abnormal registry accesses at run-time. The normal model is trained using clean (attack-free) data. At run-time the model is used to check each access to the registry in real time to determine whether or not the behavior is abnormal and (possibly) corresponds to an attack. The system is effective in detecting the actions of malicious software while maintaining a low rate of false alarms