A model is presented that characterizes security logs as a collection of norms that reflect patterns of emergent behavior. An analysis technique for detecting behavioral norms based on these logs is described and evaluated. The application of behavioral norms is considered, including its use in system security evaluation and anomaly detection.
Bruce Christianson: Right, I think it was Dijkstra 1 who said that if you don't formally specify a system it can never be insecure, it can only be surprising. The obvious course of action is for the European Commission to make formal specification illegal and then announce victory. But here to put the other side of that particular argument are Olgierd and…
The normative security paradigm seeks to view a system as a society in which security is achieved by a combination of legislative provisions and normative behaviors. Drawing solely on legislative provisions is insufficient to achieve a just and orderly society. Similarly, security paradigms that focus solely on security policies and controls are…