Simple, state-based approaches to program-based anomaly detection
ACM Transactions on Information and System Security (TISSEC)
This paper describes two intrusion detection algorithms, and gives experimental results on their performance. The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other monitors statistical deviations from normal program behavior. The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams in computer audit data.