This paper presents a new approach to representing and detecting computer penetrations in real time. The approach, called state transition analysis, models penetrations as a series of state changes that lead from an initial secure state to a target compromised state. State transition diagrams, the graphical representation of penetrations, identify precisely the requirements for and the compromise of a penetration and present only the critical events that must occur for the successful completion of the penetration. State transition diagrams are written to correspond to the states of an actual computer system, and these diagrams form the basis of a rule-based expert system for detecting penetrations, called the state transition analysis tool (STAT). The design and implementation of a UNIX-specific prototype of this expert system, called USTAT, is also presented. This prototype provides a further illustration of the overall design and functionality of this intrusion detection approach. Lastly, the functionality of STAT is compared with that of comparable intrusion detection tools.