ARGuE (Advanced Research Guard for Experimentation) is a prototype guard being developed as a basis for experimentation. ARGuE is based on Network Associates' Gauntlet firewa...
A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that t...
Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaj...
Histograms are widely used in medical imaging, network intrusion detection, packet analysis and other streambased high throughput applications. However, while porting such software...
This paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic ...
: Most intrusion detection systems deployed today apply misuse detection as analysis method. Misuse detection searches for attack traces in the recorded audit data using predefined...