See this document in CiteSeerX!

Learning Program Behavior Profiles for Intrusion Detection (1999)  (Make Corrections)  (31 citations)
Anup K. Ghosh, Aaron Schwartzbard, Michael Schatz



  Home/Search   Context   Related

Links:   ACM   DBLP

 
View or download:
rstcorp.com/pub/papers...usenix_id99.ps
cigital.com/papers/dow...usenix_id99.ps
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  rstcorp.com/papers/chrono1999 (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: Profiling the behavior of programs can be a useful reference for detecting potential intrusions against systems. This paper presents three anomaly detection techniques for profiling program behavior that evolve from memorization to generalization. The goal of monitoring program behavior is to be able to detect potential intrusions by noting irregularities in program behavior. The techniques start from a simple equality matching algorithm for determining anomalous behavior, and evolve to a... (Update)

Cited by:   More
Hybrid Multi-Agent Framework for Detection of Stealthy Probes - Srinivas Mukkamala Andrew   (Correct)
An Approach for Detecting Self-Propagating Email Using Anomaly .. - Gupta, Sekar (2003)   (Correct)
Intrusion Detection Systems Using Adaptive Regression.. - Mukkamala, Sung, Abraham, ..   (Correct)

Similar documents (at the sentence level):
66.6%:   Learning Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbart, Schatz (1999)   (Correct)

Active bibliography (related documents):   More   All
0.5:   Intrusion Detection: A Bibliography - Mé, Michel (2001)   (Correct)
0.4:   Detecting Anomalous and Unknown Intrusions Against Programs - Ghosh, Wanken, Charron (1998)   (Correct)
0.4:   Using Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)   (Correct)

Similar documents based on text:   More   All
0.5:   A Framework For An Adaptive Intrusion Detection System With.. - Hossain, Bridges (2001)   (Correct)
0.4:   Learning Models of Network Traffic for Detecting Novel Attacks - Matthew Mahoney And   (Correct)
0.4:   Using Text Categorization Techniques for Intrusion Detection - Liao, Vemuri (2002)   (Correct)

Related documents from co-citation:   More   All
11:   An Intrusion Detection Model (context) - Denning - 1987
10:   Computer immunology - Forrest, Hofmeyr et al. - 1996
8:   Next-generation intrusion detection expert system - Anderson, Frivold et al. - 1995

BibTeX entry:   (Update)

A. K. Ghosh, A. Schwatzbard and M. Shatz, "Learning Program Behavior Profiles for Intrusion Detection", in Proceedings 1 st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999, http://www.rstcorp.com/~anup/. http://citeseer.ist.psu.edu/article/ghosh99learning.html   More

@inproceedings{ ghoshlearning,
    author = "Anup K. Ghosh and Aaron Schwartzbard and Michael Schatz",
    title = "Learning Program Behavior Profiles for Intrusion Detection",
    pages = "51--62",
    url = "citeseer.ist.psu.edu/article/ghosh99learning.html" }
Citations (may not include all citations):
248   Fast effective rule induction - Cohen - 1995  DBLP
175   A secure environment for untrusted helper applications: Conf.. - Goldberg, Wagner et al. - 1996
142   A sense of self for unix processes - Forrest, Hofmeyr et al. - 1996  ACM
132   Emerald: Event monitoring enabling responses to anomalous li.. - Porras, Neumann - 1997
105   State transition analysis: A rule-based intrusion detection .. - Ilgun, Kemmerer et al. - 1995
74   Computer immunology - Forrest, Hofmeyr et al. - 1997  ACM   DBLP
59   Ustat: A real-time intrusion detection system for unix - Ilgun - 1992
56   A survey of intrusion detection techniques (context) - Lunt - 1993  ACM
56   A real-time intrusion-detection expert system (context) - Lunt, Tamaru et al. - 1992
52   Automated detection of vulnerabilities in privileged program.. - Ko, Fink et al. - 1994
35   An immunological approach to change detection: Algorithms (context) - D'haeseleer, Forrest et al. - 1996
34   Netstat: A network-based intrusion detection approach - Vigna, Kemmerer - 1998  DBLP
28   Penetration state transition analysis - a rule-based intrusi.. (context) - Porras, Kemmerer - 1992
25   Learning patterns from unix process execution traces for int.. - Lee, Stolfo et al. - 1997
21   Detecting anomalous and unknown intrusions against programs - Ghosh, Wanken et al. - 1998  ACM   DBLP
19   An application of machine learning to anomaly detection - Lane, Brodley - 1997
17   Ides: an intelligent system for detecting intruders (context) - Lunt - 1990
12   Artificial neural networks for misuse detection - Cannady - 1998
11   Intrusion detection via system call traces (context) - Kosoresow, Hofmeyr - 1997  ACM   DBLP
10   A specificationbased approach for building survivable system.. - Sekar, Cai et al. - 1998
7   Intrusion detection: Applying machine learning to solaris au.. - Endler - 1998
6   A prototype real-time intrusion-detection system (context) - Lunt, Jagannathan - 1988



The graph only includes citing articles where the year of publication is known.

Documents on the same site (http://rstcorp.com/papers/chrono-1999.html):   More
Inoculating Software for Survivability - Ghosh, Voas (1999)   (Correct)
Predicting When to Reboot "Continuously Operating" Systems - Voas, Charron   (Correct)
Using Program Behavior Profiles for Intrusion Detection - Ghosh, Schwartzbard, Schatz (1999)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC