One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses
Katherine A. Heller, Krysta M. Svore, Angelos D. Keromytis, Salvatore J. Stolfo

View or download: columbia.edu/~angelos/Paper...ocsvm.pdf
From: columbia.edu/~angelos/cv

Abstract: We present a new Host-based Intrusion Detection System (IDS) that monitors accesses to the Microsoft Windows Registry using Registry Anomaly Detection (RAD). Our system uses a one class Support Vector Machine (OCSVM) to detect anomalous registry behavior by training on a dataset of normal registry accesses. It then uses this model to detect outliers in new (unclassified) data generated from the same system. Given the success of OCSVMs in other applications, we apply them to the Windows Registry ...


BibTeX entry:

@misc{ heller-one,
  author = "Katherine A. Heller and Krysta M. Svore and Angelos D. Keromytis and Salvatore J. Stolfo",
  title = "One Class Support Vector Machines for Detecting Anomalous Windows Registry Accesses",
  url = "citeseer.ist.psu.edu/634736.html"
}
