IEEE Transactions on Software Engineering - Special issue on computer security and privacy
We model computer transactions as generated by two stationary stochastic processes, the legitimate (normal) process N and the misuse process M. We define misuse (anomaly) detection to be the identification of transactions most likely to have been generated by M. We formally demonstrate that the accuracy of misuse detectors is bounded by a function of the difference of the densities of the processes N and M over the space of transactions. In practice, detection accuracy can be far below this bound, and generally improves with increasing sample size of historical (training) data. Careful selection of transaction attributes can also improve detection accuracy; we suggest several criteria for attribute selection, including adequate sampling rate and separation between models. We demonstrate that exactly optimizing even the simplest of these criteria is NP-hard, thus motivating a heuristic approach. We further differentiate between modeling (density estimation) and nonmodeling approaches.
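As an added illustration, not code from the paper, the Python below constructs two densities over a six-bucket transaction space, treats the Bayes-optimal detector's accuracy as the ceiling no detector can exceed (the paper's exact bound is not reproduced on this page; total variation distance is the assumed measure of "difference of the densities"), and shows a modeling (density-estimation) detector sitting below that ceiling with little training data and converging to it as the historical sample grows. All densities, bucket counts and the equal prior are constructed assumptions.

```python
import random
from collections import Counter

# Constructed toy transaction space: one attribute with K=6 buckets.
# P_N / P_M are made-up densities standing in for processes N and M.
# Bucket 2 has equal density under both, so misuse there is undetectable.
P_N = [0.40, 0.25, 0.15, 0.10, 0.06, 0.04]
P_M = [0.05, 0.10, 0.15, 0.20, 0.25, 0.25]
PRIOR_M = 0.5  # assumed share of transactions generated by M


def tv_distance(p, q):
    """Total variation distance: 1/2 * sum |p(x) - q(x)| over all transactions."""
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))


def expected_accuracy(flag, p_n=P_N, p_m=P_M, prior_m=PRIOR_M):
    """Exact probability a detector labels a transaction correctly.
    flag(x) -> True means bucket x is reported as misuse; a correct label
    happens with mass prior_m*p_m[x] if flagged, else (1-prior_m)*p_n[x]."""
    return sum(prior_m * p_m[x] if flag(x) else (1 - prior_m) * p_n[x]
               for x in range(len(p_n)))


def bayes_bound(p_n=P_N, p_m=P_M, prior_m=PRIOR_M):
    """Accuracy of the detector that knows both densities exactly and flags x
    iff M is the more likely generator; equals (1 + TV)/2 for equal priors."""
    return expected_accuracy(lambda x: prior_m * p_m[x] > (1 - prior_m) * p_n[x],
                             p_n, p_m, prior_m)


def train_detector(n_samples, seed=1, p_n=P_N, p_m=P_M, prior_m=PRIOR_M):
    """Modeling detector: estimate each density from n_samples historical
    transactions per process (Laplace-smoothed), then apply the same rule."""
    rng, k = random.Random(seed), len(p_n)
    cnt_n = Counter(rng.choices(range(k), weights=p_n, k=n_samples))
    cnt_m = Counter(rng.choices(range(k), weights=p_m, k=n_samples))
    est_n = [(cnt_n[x] + 1) / (n_samples + k) for x in range(k)]
    est_m = [(cnt_m[x] + 1) / (n_samples + k) for x in range(k)]
    return lambda x: prior_m * est_m[x] > (1 - prior_m) * est_n[x]


def learning_curve(sizes=(5, 50, 5000), seed=1):
    """Expected accuracy of the trained detector for each training-set size."""
    return {n: expected_accuracy(train_detector(n, seed)) for n in sizes}


if __name__ == "__main__":
    print(f"TV(N, M) = {tv_distance(P_N, P_M):.3f}  bound = {bayes_bound():.3f}")
    for n, acc in learning_curve().items():
        print(f"{n:5d} training samples per process -> accuracy {acc:.3f}")
```

Every entry of the learning curve stays at or below the bound; the small-sample detectors can misjudge buckets whose densities differ little, which is exactly where attribute selection for "separation between models" pays off.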