Profiling the behavior of programs can be a useful reference for detecting potential intrusions against systems. This paper presents three anomaly detection techniques for profiling program behavior that evolve from memorization to generalization. The goal of monitoring program behavior is to be able to detect potential intrusions by noting irregularities in program behavior. The techniques start from a simple equality matching algorithm for determining anomalous behavior, and evolve to a feed-forward backpropagation neural network for learning program behavior, and finally to an Elman network for recognizing recurrent features in program execution traces. In order to detect future attacks against systems, intrusion detection systems must be able to generalize from past observed behavior. The goal of this research is to employ machine learning techniques that can generalize from past observed behavior to the problem of intrusion detection. The performance of these systems is compared by testing them with data provided by the DARPA Intrusion Detection Evaluation program.