Intrusion detection for distributed applications
Communications of the ACM
The base-rate fallacy and its implications for the difficulty of intrusion detection
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Hiding Intrusions: From the Abnormal to the Normal and Beyond
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
BlueBoX: A policy-driven, host-based intrusion detection system
ACM Transactions on Information and System Security (TISSEC)
Learning nonstationary models of normal network traffic for detecting novel attacks
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
"Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Markov Chains, Classifiers, and Intrusion Detection
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Visualizing and Identifying Intrusion Context from System Calls Trace
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Architecture for an Artificial Immune System
Evolutionary Computation
Intrusion detection using sequences of system calls
Journal of Computer Security
Hi-index | 0.00 |
Anomaly-based intrusion detection (AID) techniques are useful for detecting novel intrusions into computing resources. One of simple but typical AID detectors proposed to date is stide, which is based on analysis of system call sequences. In this paper, we present a detailed formal framework to analyze, understand and improve the performance of stide and similar AID techniques. Several important properties of stide-like detectors are established through formal theorems, and validated by carefully conducted experiments using test datasets. Finally, the framework is utilized to reduce the cost of developing AID detectors by identifying the critical sections in the training dataset.