An Intrusion-Detection Model

@article{Denning1987AnIM,
  title={An Intrusion-Detection Model},
  author={Dorothy E. Denning},
  journal={IEEE Transactions on Software Engineering},
  year={1987},
  volume={SE-13},
  pages={222-232}
}
  • D. Denning
  • Published 1 February 1987
  • Computer Science
  • IEEE Transactions on Software Engineering
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability…
Real-time intrusion detection
  • T. Lunt
  • Computer Science
    Digest of Papers. COMPCON Spring 89. Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage
  • 1989
TLDR
It is shown that because IDES combines a statistical user profile approach with a rule-based expert system that characterizes intrusions, it has the potential to become a strong intrusion-detection system.
A pattern-oriented intrusion-detection model and its applications
  • S. Shieh, V. Gligor
  • Computer Science
    Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1991
TLDR
The authors justify the need for, and present, a pattern-oriented intrusion-detection model that can be used to analyze object privilege and data flows in secure computer systems to detect operational security problems.
The Intrusion Detection System AID - Architecture, and Experiences in Automated Audit Analysis
TLDR
The intrusion detection system AID is presented which provides new features for network and privacy oriented auditing, and a sophisticated real-time analysis using knowledge based techniques.
Hybrid Model for Computer Intrusion Detection
TLDR
An intrusion detection method that combines rule induction analysis for misuse detection and Fuzzy c-means for anomaly detection is proposed as an accurate model for handling complex attack patterns in large networks.
A SURVEY on "INTRUSION DETECTION SYSTEM"
TLDR
This paper builds a security domain based on the login and log-out mechanism, then a lamination distributed intrusion detection model of satellite network is proposed and a cooperation mechanism of intrusion detecting agent on satellite working inside and between the security domains is designed.
An Intrusion Detection Architecture for System Security
TLDR
A new software architecture for intrusion detection is presented which makes use of a combination of data analysis and classification technologies including: artificial neural network, unconstrained optimization, noise reduction, cluster recognition and high-dimensional data visualization.
A multi-layer model for anomaly intrusion detection using program sequences of system calls
TLDR
A multi-layer model of program behaviours, based on both hidden Markov models and enumerating methods for anomaly intrusion detection, is built; it differs from the conventional single-layer approach.
A Comparative Analysis of Current Intrusion Detection Technologies
TLDR
An analysis of the progress being made in the development of effective intrusion detection systems for computer systems and distributed computer networks and the results of an informal survey of security and network professionals are discussed.
On a Difficulty of Intrusion Detection
TLDR
This paper discusses the “base-rate fallacy” and how it influences the relative success of an intrusion detection system, under a set of reasonable circumstances, and concludes that the false-alarm rate quickly becomes a limiting factor.
A prototype real-time intrusion-detection expert system
TLDR
The design and implementation of a prototype intrusion-detection expert system (IDES) are described, which adaptively learns the normal behavior of each user and detects and reports anomalous user behavior in real time.

References

Dep
  • Elec. Eng. and Comput. Sci., Univ. California, Berkeley, 4.2 Berkeley Software Distribution ed., 1983. Dorothy E. Denning, for a photograph and biography, see this issue, p. 139. Manuscript received December 20, 1985; revised August 1
  • 1986
Requirements and model for IDES-A real-time intrusion detection system
  • Comput. Sci. Lab, SRI International, Menlo Park, CA, Tech. Rep., 1985.
  • 1985
The paper was first presented at the 1986 Symposium on Security and Privacy in
Manuscript received December This work was supported by the Space and Naval Warfare Command (SPAWAR) under Contract 83F830100 and by the National Science Foundation under Grant MCS-8313650
  • 1985
Denning, for a photograph and biography, see this issue
Requirements and model for IDES-A real-time intrusion detection system
  • Comput. Sci. Lab, SRI International Tech. Rep
  • 1985
Requirements and model for IDES-A real-time intrusion detection
  • system," Comput. Sci. Lab, SRI International,
  • 1985
The author is with SRI International, Menlo Park, CA 94025
  • IEEE Log Number
This work was supported by the Space and Naval Warfare Command (SPAWAR) under Contract 83F830100 and by the National Science Foundation under Grant MCS-8313650
  • Manuscript received December
  • 1985
Elec. Eng. and Comput. Sci
  • 1983