Results 1 - 10 of 13,237
Intrusion Detection Force: An Infrastructure For Internet-Scale Intrusion Detection
- In Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03) (2003)
"... Intrusion Detection Systems (IDSs) are usually deployed within the confines of an organization. There is usually no exchange of information between an IDS in one organization with those in other organizations. The effectiveness of IDSs at detecting present-day sophisticated attacks would increase si ..."
Cited by 3 (0 self)
significantly if there are inter-organizational communication and sharing of information among IDSs. We envision a global Internet-scale defense infrastructure, which we call the Intrusion Detection Force (IDF), that would protect organizations and defend the Internet as a whole. This paper provides a blueprint
A Virtual Machine Introspection Based Architecture for Intrusion Detection
- In Proc. Network and Distributed Systems Security Symposium, 2003
"... Today's architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host's software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, ..."
Cited by 423 (5 self)
Today's architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host's software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network
An intrusion-detection model
- IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1987
"... A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of sy ..."
Cited by 639 (0 self)
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns
Snort - Lightweight Intrusion Detection for Networks
- 1999
"... Permission is granted for noncommercial reproduction of the work for educational or research purposes. ..."
Cited by 1142 (1 self)
Permission is granted for noncommercial reproduction of the work for educational or research purposes.
Data Mining Approaches for Intrusion Detection
- In the 7th USENIX Security Symposium, 1998
"... In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and use the set of relevant sys ..."
Cited by 435 (23 self)
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and use the set of relevant
Intrusion Detection in Wireless Ad-Hoc Networks
- 2000
"... As the recent denial-of-service attacks on several major Internet sites have shown us, no open computer network is immune from intrusions. The wireless ad-hoc network is particularly vulnerable due to its features of open medium, dynamic changing topology, cooperative algorithms, lack of centralized ..."
Cited by 415 (4 self)
of centralized monitoring and management point, and lack of a clear line of defense. Many of the intrusion detection techniques developed on a fixed wired network are not applicable in this new environment. How to do it differently and effectively is a challenging research problem. In this paper, we first examine
Detecting intrusion using system calls: alternative data models
- In Proceedings of the IEEE Symposium on Security and Privacy, 1999
"... Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable— sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several differen ..."
Cited by 433 (3 self)
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. In this paper we study one such observable— sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several
Snakes: Active contour models
- INTERNATIONAL JOURNAL OF COMPUTER VISION, 1988
"... A snake is an energy-minimizing spline guided by external constraint forces and influenced by image forces that pull it toward features such as lines and edges. Snakes are active contour models: they lock onto nearby edges, localizing them accurately. Scale-space continuation can be used to enlarge ..."
Cited by 3951 (17 self)
A snake is an energy-minimizing spline guided by external constraint forces and influenced by image forces that pull it toward features such as lines and edges. Snakes are active contour models: they lock onto nearby edges, localizing them accurately. Scale-space continuation can be used to enlarge
A Sense of Self for Unix Processes
- In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996
"... A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common ..."
Cited by 689 (27 self)
A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behavior for standard UNIX programs. Further, it is able to detect several common
Intrusion Detection using Sequences of System Calls
- Journal of Computer Security, 1998
"... A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavio ..."
Cited by 396 (15 self)
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal