Abstraction-based intrusion detection in distributed environments

Authors: Peng Ning, Sushil Jajodia, Xiaoyang Sean Wang
Journal: ACM Trans. Inf. Syst. Secur.

Abstraction is an important issue in intrusion detection, since it not only hides the difference between heterogeneous systems, but also allows generic intrusion-detection models. However, abstraction is an error-prone process and is not well supported in current intrusion-detection systems (IDSs). This article presents a hierarchical model to support attack specification and event abstraction in distributed intrusion detection. The model involves three concepts: system view, signature, and…

This paper has 109 citations.


Semantic Scholar estimates that this publication has 109 citations based on the available data.