: Although the main aim of IDSs is to detect intrusions to prompt evasive measures, a further aim can be to supply evidence in criminal and civil legal proceedings. However the fea...
We introduce a notion, behavioral distance, for evaluating the extent to which processes—potentially running different programs and executing on different platforms—behave si...
In this paper we present a structured methodology for evaluating cost of responses based on three factors: the response operational cost associated with the daily maintenance of t...
Chris Strasburg, Natalia Stakhanova, Samik Basu, J...
— Polymorphic worms can change their byte sequence as they replicate and propagate, thwarting the traditional signature analysis techniques used by many intrusion detection syste...
We have built a system for protecting Internet services to securely connected, known users. It implements a generate-and-test approach for on-line attack identification and uses s...
James C. Reynolds, James E. Just, Larry A. Clough,...