Abstraction-based intrusion detection in distributed environments

@article{Ning2001AbstractionbasedID,
  title={Abstraction-based intrusion detection in distributed environments},
  author={Peng Ning and Sushil Jajodia and Xiaoyang Sean Wang},
  journal={ACM Trans. Inf. Syst. Secur.},
  year={2001},
  volume={4},
  pages={407-452}
}
Abstraction is an important issue in intrusion detection, since it not only hides the difference between heterogeneous systems, but also allows generic intrusion-detection models. However, abstraction is an error-prone process and is not well supported in current intrusion-detection systems (IDSs). This article presents a hierarchical model to support attack specification and event abstraction in distributed intrusion detection. The model involves three concepts: system view, signature, and…
Highly Cited
This paper has 109 citations.

Semantic Scholar estimates that this publication has 109 citations based on the available data.
