Abstract: This paper presents a statistical anomaly detection algorithm based on Markov chains. Our algorithm can be directly applied for intrusion detection by discovering anomalous activities. Our framework for constructing anomaly detectors is very general and can be used by other researchers for constructing Markov-chain-based anomaly detectors. We also present performance metrics for evaluating the effectiveness of anomaly detectors. Extensive experimental results clearly demonstrate the effectiveness of our algorithm. We discuss several future directions for research based on the framework presented in this paper.