Using Text Categorization Techniques for Intrusion Detection
Proceedings of the 11th USENIX Security Symposium
System approach to intrusion detection using hidden Markov model
Proceedings of the 2006 international conference on Wireless communications and mobile computing
Attack profiles to derive data observations, features, and characteristics of cyber attacks
Information-Knowledge-Systems Management
Challenging the anomaly detection paradigm: a provocative discussion
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Detecting Denial-of-Service attacks using the wavelet transform
Computer Communications
Processing of massive audit data streams for real-time anomaly intrusion detection
Computer Communications
High-order Markov kernels for intrusion detection
Neurocomputing
DDoS attacks detection model and its application
WSEAS Transactions on Computers
A method of run-time detecting DDos attacks
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Hybrid Intrusion Forecasting Framework for Early Warning System
IEICE - Transactions on Information and Systems
On Metrics to Distinguish Skype Flows from HTTP Traffic
Journal of Network and Systems Management
Adaptive intrusion detection & prevention of denial of service attacks in MANETs
Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Constructing attribute weights from computer audit data for effective intrusion detection
Journal of Systems and Software
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
A risk-sensitive intrusion detection model
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Intrusion detection based on data mining
ICIC'06 Proceedings of the 2006 international conference on Intelligent computing: Part II
Building an inter-IDS central analysis platform in the network center of China's central bank
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Feasibility of one-class-SVM for anomaly detection in telecommunication network
CIMMACS'07 Proceedings of the 6th WSEAS international conference on Computational intelligence, man-machine systems and cybernetics
High-order markov kernels for network intrusion detection
ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
Anomaly detection techniques for a web defacement monitoring service
Expert Systems with Applications: An International Journal
Polymorphic code detection with GA optimized markov models
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
An SVM-Based masquerade detection method with online update using co-occurrence matrix
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Anomaly detection method based on HMMs using system call and call stack information
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
An efficient anomaly detection algorithm for vector-based intrusion detection systems
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
A brief observation-centric analysis on anomaly-based intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Mining statistically significant substrings using the chi-square statistic
Proceedings of the VLDB Endowment
Advanced probabilistic approach for network intrusion forecasting and detection
Expert Systems with Applications: An International Journal
E-NIPS: an event-based network intrusion prediction system
ISC'07 Proceedings of the 10th international conference on Information Security
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
Infinite Dirichlet mixture models learning via expectation propagation
Advances in Data Analysis and Classification
| Hi-index | 0.00 |
This paper presents a series of studies on probabilistic properties of activity data in an information system for detecting intrusions into the information system. Various probabilistic techniques of intrusion detection, including decision tree, Hotelling's T2 test, chi-square multivariate test, and Markov chain are applied to the same training set and the same testing set of computer audit data for investigating the frequency property and the ordering property of computer audit data. The results of these studies provide answers to several questions concerning which properties are critical to intrusion detection. First, our studies show that the frequency property of multiple audit event types in a sequence of events is necessary for intrusion detection. A single audit event at a given time is not sufficient for intrusion detection. Second, the ordering property of multiple audit events provides additional advantage to the frequency property for intrusion detection. However, unless the scalability problem of complex data models taking into account the ordering property of activity data is solved, intrusion detection techniques based on the frequency property provide a viable solution that produces good intrusion detection performance with low computational overhead