Twenty Years of Document Image Analysis in PAMI
IEEE Transactions on Pattern Analysis and Machine Intelligence
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Characterizing the behavior of a program using multiple-length N-grams
Proceedings of the 2000 workshop on New security paradigms
Communications of the ACM
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
The 1998 Lincoln Laboratory IDS Evaluation
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Text classification using string kernels
The Journal of Machine Learning Research
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
IEEE Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Language-Based Generation and Evaluation of NIDS Signatures
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
From outliers to prototypes: Ordering data
Neurocomputing
Intrusion detection using sequences of system calls
Journal of Computer Security
File searching using variable length keys
IRE-AIEE-ACM '59 (Western) Papers presented at the the March 3-5, 1959, western joint computer conference
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Detecting worm variants using machine learning
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Automatic feature selection for anomaly detection
Proceedings of the 1st ACM workshop on Workshop on AISec
A Self-learning System for Detection of Anomalous SIP Messages
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Using automatic signature generation as a sensor backend
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Active and Semi-supervised Data Domain Description
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Feature Selection for Density Level-Sets
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Active learning for network intrusion detection
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
TokDoc: a self-healing web application firewall
Proceedings of the 2010 ACM Symposium on Applied Computing
Cujo: efficient detection and prevention of drive-by-download attacks
Proceedings of the 26th Annual Computer Security Applications Conference
ASAP: automatic semantics-aware analysis of network payloads
PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
Efficient algorithms for similarity measures over sequential data: a look beyond kernels
DAGM'06 Proceedings of the 28th conference on Pattern Recognition
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Security analysis of online centroid anomaly detection
The Journal of Machine Learning Research
Toward supervised anomaly detection
Journal of Artificial Intelligence Research
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Hi-index | 0.00 |
We propose a method for network intrusion detection based on language models such as n-grams and words. Our method proceeds by extracting these models from TCP connection payloads and applying unsupervised anomaly detection. The essential part of our approach is linear-time computation of similarity measures between language models stored in trie data structures Results of our experiments conducted on two datasets of network traffic demonstrate the importance of higher-order n-grams for detection of unknown network attacks. Our method is also suitable for language models based on words, which are more amenable in practical security applications. An implementation of our system achieved detection accuracy of over 80% with no false positives on instances of recent attacks in HTTP, FTP and SMTP traffic