Community epidemic detection using time-correlated anomalies

LUCID, the dataflow programming language

LUCID, the dataflow programming language

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking

Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security

Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security

Anomaly Detection over Noisy Data using Learned Probability Distributions

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning

Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection

Detecting Manipulated Remote Call Streams

Proceedings of the 11th USENIX Security Symposium

Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference

Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy

"Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy

Anomaly Detection Using Call Stack Information

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy

A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy

A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy

A taxonomy of computer worms

Proceedings of the 2003 ACM workshop on Rapid malcode

Worm anatomy and model

Proceedings of the 2003 ACM workshop on Rapid malcode

Gray-box extraction of execution graphs for anomaly detection

Proceedings of the 11th ACM conference on Computer and communications security

Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles

Host-based detection of worms through peer-to-peer cooperation

Proceedings of the 2005 ACM workshop on Rapid malcode

Anomalous system call detection

ACM Transactions on Information and System Security (TISSEC)

Exploiting temporal consistency to reduce false positives in host-based, collaborative detection of worms

Proceedings of the 4th ACM workshop on Recurring malcode

Automatic misconfiguration troubleshooting with peerpressure

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6

Very fast containment of scanning worms

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Communication-Efficient Tracking of Distributed Cumulative Triggers

ICDCS '07 Proceedings of the 27th International Conference on Distributed Computing Systems

Intrusion detection using sequences of system calls

Journal of Computer Security

Principled reasoning and practical applications of alert fusion in intrusion detection systems

Proceedings of the 2008 ACM symposium on Information, computer and communications security

Understanding precision in host based intrusion detection: formal analysis and practical models

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Behavioral distance for intrusion detection

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection