Automatic text processing: the transformation, analysis, and retrieval of information by computer
Automatic text processing: the transformation, analysis, and retrieval of information by computer
Document retrieval: A structural approach
Information Processing and Management: an International Journal
Artificial intelligence: a modern approach
Artificial intelligence: a modern approach
Stereotypes in information filtering systems
Information Processing and Management: an International Journal
Activity monitoring: noticing interesting changes in behavior
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
ACM Computing Surveys (CSUR)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A large scale distributed intrusion detection framework based on attack strategy analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Decision Support Systems - From information retrieval to knowledge management: enabling technologies and best practices
Data mining: concepts and techniques
Data mining: concepts and techniques
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Improving intrusion detection performance using keyword selection and neural networks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A vector space model for automatic indexing
Communications of the ACM
Information Processing and Management: an International Journal
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Principles of data mining
Information Filtering: Overview of Issues, Research and Systems
User Modeling and User-Adapted Interaction
ADMIT: anomaly-based data mining for intrusions
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
An Architecture for Intrusion Detection Using Autonomous Agents
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Applying CMAC-Based On-Line Learning to Intrusion Detection
IJCNN '00 Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN'00)-Volume 5 - Volume 5
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection through learning behavior model
Computer Communications
Modeling requests among cooperating intrusion detection systems
Computer Communications
Answering form-based web queries using the data-mining approach
Journal of Intelligent Information Systems
User Modeling and User-Adapted Interaction
Improving classification based off-topic search detection via category relationships
Proceedings of the 2009 ACM symposium on Applied Computing
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Hi-index | 0.00 |
As became apparent after the tragic events of September 11, 2001, terrorist organizations and other criminal groups are increasingly using the legitimate ways of Internet access to conduct their malicious activities. Such actions cannot be detected by existing intrusion detection systems that are generally aimed at protecting computer systems and networks from some kind of "cyber attacks". Preparation of an attack against the human society itself can only be detected through analysis of the content accessed by the users. The proposed study aims at developing an innovative methodology for abnormal activity detection, which uses web content as the audit information provided to the detection system. The new behavior-based detection method learns the normal behavior by applying an unsupervised clustering algorithm to the contents of publicly available web pages viewed by a group of similar users. In this paper, we represent page content by the well-known vector space model. The content models of normal behavior are used in real-time to reveal deviation from normal behavior at a specific location on the net. The detection algorithm sensitivity is controlled by a threshold parameter. The method is evaluated by the trade-off between the detection rate (TP) and the false positive rate (FP).