We describe research into the identification of anomalous events and event patterns as manifested in computer system logs. We have developed prototype software that identifies anomalous events based on usage patterns or user profiles and alerts administrators when such events are identified. To reduce the number of false positive alerts, we have investigated the use of different user profile training techniques and introduce the use of abstractions to group together applications that are related. Our results suggest that the number of false alerts generated is significantly reduced when a growing time window is used for user profile training and when abstraction into groups of applications is used.