Network attacks are commonplace in the Internet. One of the defense mechanisms against the network attacks is using a baseline profile established during normal operation to detec...
Abstract. We discuss an approach to reducing the number of events accepted by anomaly detection systems, based on alternative schemes for interest-ranking. The basic assumption is ...
Most intrusion detection systems apply the misuse detection approach. Misuse detection compares recorded audit data with predefined patterns denoted as signatures. A signature is ...
Abstract. We propose a framework for intrusion detection that is based on runtime monitoring of temporal logic specifications. We specify intrusion patterns as formulas in an expre...
An Intrusion Detection Program (IDP) analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. In this talk, we p...