A new approach to text searching
SIGIR '89 Proceedings of the 12th annual international ACM SIGIR conference on Research and development in information retrieval
The String-to-String Correction Problem
Journal of the ACM (JACM)
Identification of host audit data to detect attacks on low-level IP vulnerabilities
Journal of Computer Security
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
An environment for security protocol intrusion detection
Journal of Computer Security
Detecting Anomalous and Unknown Intrusions Against Programs
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Some new attacks upon security protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Temporal Signatures for Intrusion Detection
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Prudent Engineering Practice for Cryptographic Protocols
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Analysis of the SSL 3.0 protocol
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
Establishing fraud detection patterns based on signatures
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
| Hi-index | 0.00 |
Anomaly-based Intrusion Detection Systems (IDS) have been widely recognized for their potential to prevent and reduce damage to information systems. In order to build their profiles and to generate their requisite behavior observations, these systems rely on access to payload data, either in the network or on the host system. With the growing reliance on encryption technology, less and less payload data is available for analysis. In order to accomplish intrusion detection in an encrypted environment, a new data representation must emerge. In this paper, we present a knowledge engineering approach to allow intrusion detection in an encrypted environment. Our approach relies on gathering and analyzing several forms of metadata relating to session activity of the principals involved and the protocols that they employ. We then apply statistical and pattern recognition methods to the metadata to distinguish between normal and abnormal activity and then to distinguish between legitimate and malicious behavior.