Cryptographic limitations on learning Boolean formulae and finite automata. STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Detection of abrupt changes: theory and application
Fundamentals of speech recognition
A survey of intrusion detection techniques. Computers and Security
The design and implementation of tripwire: a file system integrity checker. CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
The nature of statistical learning theory
Efficient learning of typical finite automata from random walks. Information and Computation
Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security (TISSEC)
Intrusion Detection via System Call Traces. IEEE Software
ICGI '98 Proceedings of the 4th International Colloquium on Grammatical Inference
Learning Program Behavior Profiles for Intrusion Detection. Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Intrusion Detection Applying Machine Learning to Solaris Audit Data. ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Detecting Anomalous and Unknown Intrusions Against Programs. ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Two state-based approaches to program-based anomaly detection. ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications. SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes. SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Information bounds and quick detection of parameter changes in stochastic systems. IEEE Transactions on Information Theory
Model-carrying code: a practical approach for safe execution of untrusted applications. SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Attack profiles to derive data observations, features, and characteristics of cyber attacks. Information-Knowledge-Systems Management
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection. Journal of Computer Security
CompSysTech '07 Proceedings of the 2007 international conference on Computer systems and technologies
Formal architectural models for agent-based service systems. International Journal of Computer Applications in Technology
Intrusion Prevention in Information Systems: Reactive and Proactive Responses. Journal of Management Information Systems
Selecting and Improving System Call Models for Anomaly Detection. DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A Framework for Large-Scale Detection of Web Site Defacements. ACM Transactions on Internet Technology (TOIT)
A cost-based analysis of intrusion detection system configuration under active or passive response. Decision Support Systems
Modular behavior profiles in systems with shared libraries (short paper). ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
SoIDPS: sensor objects-based intrusion detection and prevention system and its implementation. CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
A comprehensive approach to anomaly detection in relational databases. DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Anomaly detection in computer security and an application to file system accesses. ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
International Journal of Information Management: The Journal for Information Professionals
This article describes variants of two state-based intrusion detection algorithms from Michael and Ghosh [2000] and Ghosh et al. [2000], and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other two monitor statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.