Society has grown to rely on Internet services, and the number of Internet users increases every day. As more and more users become connected to the network, the window of opportu...
We have been developing a data mining (i.e., knowledge discovery) framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection [LSM98, LSM99b, LSM99a]. ...
Alert correlation systems are post-processing modules that enable intrusion analysts to find important alerts and filter false positives efficiently from the output of Intrusion...
We present and empirically analyze a machine-learning approach for detecting intrusions on individual computers. Our Winnowbased algorithm continually monitors user and system beh...
Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. We sho...
Samuel T. King, Zhuoqing Morley Mao, Dominic G. Lu...