A.K. Ghosh, A. Schwartzbard and M. Schatz, Using Program Behavior Profiles for Intrusion Detection, in Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, 1999.
....together signature and anomaly based IDSes. To do this, we use the manifestation relationship. Anomaly detectors don't report particular exploits; instead they report that some anomalous event has occurred. To return to our sadmindex example, an anomaly detector like that developed by Cigital [6, 5], might generate a report indicating that there has been an anomalous event in the sadmind process. Information about manifestation relationships in the IRM allows the Cluster Preprocessor to recognize that a sadmindex exploit may be manifested as an anomaly in the sadmind process. The Event ....
A. K. Ghosh, A. Schwartzbard, and M. Schatz, "Using Program Behavior Profiles for Intrusion Detection," in SANS Workshop on the State of the Art and Future Directions of Intrusion Detection and Response, February 1999.
....interaction and cooperation between IDSs, applications, and other property managers 11 can improve both the detection by the IDSs and the survivability of the applications. In a slightly related way researchers at RST Corp. are using application program behavior profiles for intrusion detection [8]. Computational immunology is a special case of anomaly detection based on an analogy with biological immune systems. In this approach, an IDS creates a knowledge of self through training, with the intent of distinguishing that self from other, i.e. system attackers. Work in this area is ....
A. K. Ghosh, A. Schwartzbard, and M. Schatz. Using program behavior profiles for intrusion detection. In Proceedings of the Workshop on the State of the Art and Future Directions of Intrusion Detection and Response, February 1999.
....of our toolkit of machine learning algorithms so that we can enhance their ability to develop models of the anomalous behavior of Java components. In past research, we have tailored state merging algorithms to learn program behavior profiles that can be used in intrusion detection systems [3, 4]. Figure 5 presents an example of a finite state machine that is the product of the state merging algorithms that were employed in past intrusion detection research. This finite state machine models the behavior of the Unix eject program, which simply allows for the software controlled ejection of ....
Anup K. Ghosh, Aaron Schwartzbard, and Michael Schatz. Using program behavior profiles for intrusion detection. In Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, San Diego, CA, February 1999.
No context found.
A.K. Ghosh, A. Schwartzbard and M. Schatz, Using Program Behavior Profiles for Intrusion Detection, in Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, 1999.
No context found.
A.K Ghosh, A Schwartzbard, and M Schatz. Using program behavior profiles for intrusion detection. In Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, 1999.