1 A new method for detecting anomalies in the usage of protocols in computer networks is presented in this work. The proposed methodology is applied to TCP and disposed in two step...
Intrusion detection systems (IDSs) fall into two high-level categories: network-based systems (NIDS) that monitor network behaviors, and host-based systems (HIDS) that monitor sys...
Intrusion detection systems (IDSs) attempt to identify attacks by comparing collected data to predefined signatures known to be malicious (misuse-based IDSs) or to a model of lega...
A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that t...
Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaj...
In this paper we discuss a data mining framework for constructing intrusion detection models. The key ideas are to mine system audit data for consistent and useful patterns of pro...