Event Recognition Beyond Signature and Anomaly

  title={Event Recognition Beyond Signature and Anomaly},
  author={Jon Doyle and Isaac S. Kohane and William J. Long and Howard J. Shrobe and Peter Szolovits},
Notions of signature and anomaly have formed the basis of useful methods in cyber defense, but even in combination provide only weak evidence for recognizing many events of interest. One can recognize many important events without requiring signatures of specific ways the events can take place and without treating every anomalous behavior as an event. We describe an approach to event recognition that subsumes and extends signature and anomaly methods by starting from a richer language for… CONTINUE READING
Highly Cited
This paper has 31 citations. REVIEW CITATIONS
18 Citations
15 References
Similar Papers


Publications citing this paper.


Publications referenced by this paper.
Showing 1-10 of 15 references

A common intrusion specification language (CISL)

  • Rich Feiertag, Cliff Kahn, Phil Porras, Stuart Schnackenberg, Dan Staniford-Chen, Brian Tung
  • Tech. Rep., www.gidos.org, 2000.
  • 2000
Highly Influential
7 Excerpts

Knowledgebased data display using TrenD x

  • J. Fackler, I. J. Haimowitz, I. S. Kohane
  • AAAI Spring Symposium: Interpreting Clinical Data…
  • 1994
1 Excerpt

Similar Papers

Loading similar papers…