Locality as a unifying concept for understanding the normal behavior of benign users of computer systems is suggested as a unifying paradigm that will support the detection of mal...
Network intrusion detection and prevention systems are vulnerable to evasion by attackers who craft ambiguous traffic to breach the defense of such systems. A normalizer is an inl...
Storage-based intrusion detection allows storage systems to transparently watch for suspicious activity. Storage systems are well-positioned to spot several common intruder action...
Adam G. Pennington, John Linwood Griffin, John S. ...
Bloom Filters (BFs) are fundamental building blocks in various network security applications, where packets from high-speed links are processed using state-of-the-art hardwareba...
N. Sertac Artan, Kaustubh Sinkar, Jalpa Patel, H. ...
We perform host-based intrusion detection by constructing a model from a program’s binary code and then restricting the program’s execution by the model. We improve the effecti...
Jonathon T. Giffin, David Dagon, Somesh Jha, Wenke...