Teng, H.S., Chen, K., Lu, S.C.Y.: Adaptive real-time anomaly detection using inductively generated sequential patterns. In: 1990 IEEE Symposium on Research in Security and Privacy, May 7--9, 1990, IEEE Computer Society (1990) 278--284
....(known as the knowledge acquisition bottleneck in expert system literature) has generated a great deal of interest in the application of machine learning techniques to automate the process of learning the patterns. Examples include the Time based Inductive Machine (TIM) for intrusion detection [3] that learns sequential patterns and neural network based intrusion detection systems [4]. More recently, techniques from the data mining area (mining of association rules and frequency episodes) have been used to mine normal patterns from audit data [5, 10, 15]. Problems are encountered, ....
Teng, H., K. Chen, and S. Lu. 1990. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of 1990 IEEE computer society symposium on research in security and privacy held in Oakland, California, May 7-9, 1990, by IEEE Computer Society, 278-84. Los Alamitos, CA: IEEE Computer Society Press.
....user, group, remote host and target system levels. For an in depth discussion of IDES, the reader is referred to [12]. Two example intrusion detection implementations that employ rule based anomaly detection are Wisdom and Sense (W&S) [34] and the Time based Inductive Machine (TIM) approach [3]. Neural network based anomaly detection has also been proposed in recent work [4] [20]. Anomaly detection is not without limitations. In many environments, it may be difficult to establish behavior patterns for users. For example, in sporadic user environments establishing profiles of normal ....
K. Chen, S.C. Lu and H.S. Teng, "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns," Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 278-295, May 1990.
....[10, 11, 12, 13] continue to employ statistical methods for anomaly detection, typically in combination with other methods. More recent anomaly detection methods employ a wide variety of classification schemes to identify anomalous activities. These schemes include, among others, rule induction [14, 15, 16], (artificial) neural networks [17, 18, 19], fuzzy set theory [20], classical machine learning algorithms [21, 22], artificial immune systems [23, 24], signal processing methods [25], and temporal sequence learning [26, 27]. A challenge that all developers of anomaly detection-based intrusion ....
Teng, H. S., Chen, K., and Lu, S. C., "Adaptive Realtime Anomaly Detection Using Inductively Generated Sequential Patterns," presented at Proceedings of the IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, 1990.
....11, 12, 13] continue to employ statistical methods for anomaly detection, typically in combination with other methods. More recent anomaly detection methods employ a wide variety of classification schemes to identify anomalous activities. These schemes include, among others, rule induction [14, 15, 16], (artificial) neural networks [17, 18, 19], fuzzy set theory [20], classical machine learning algorithms [21, 22], artificial immune systems [23, 24], signal processing methods [25], and temporal sequence learning [26, 27]. A challenge that all developers of anomaly detection-based intrusion ....
Teng, H. S., Chen, K., and Lu, S. C., "Adaptive Realtime Anomaly Detection Using Inductively Generated Sequential Patterns," presented at Proceedings of the IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, 1990.
....behaviour is not new and several Artificial Intelligence techniques have been employed to address it. [Footnote 1: The term is used in its broad commercial context, rather than the logical unit of work with ACID properties defined in Transaction Processing.] The term Classification refers to techniques [3, 9, 12, 13, 15, 20, 21] which derive some patterns of normal activity within a specific domain and then distinguish data into normal or exceptional based on the set of known patterns. Usually, those data have been subjected to a Data Reduction preprocessing [3, 6, 15, 17, 20]. Data Reduction techniques aim to analyse a ....
....Classification refers to techniques [3, 9, 12, 13, 15, 20, 21] which derive some patterns of normal activity within a specific domain and then distinguish data into normal or exceptional based on the set of known patterns. Usually, those data have been subjected to a Data Reduction preprocessing [3, 6, 15, 17, 20]. Data Reduction techniques aim to analyse a collection of data, identify and extract only those data elements that are considered significant. As noted in [18], financial institutions rely on customized fraud detection systems. These systems have been developed by employing machine learning and ....
Teng, H. and Chen, K. and Lu, S., "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns", Proceedings IEEE Symposium on Research in Computer Security and Privacy, 1990.
....Lee et al. applied Cohen's rule learner RIPPER [31] to the same task, with some improvement [89], though they assumed the availability of anomaly examples in their training. An alternative method of employing sequence learning to the anomaly detection domain was presented by Teng et al. in [90, 91]. Their system develops sequential rules of the form E1 E2 E3 (E4 = 94 ; E5 = 6 ) where the various E's are events derived from the security audit trail, denotes any event , and the percentages on the right hand of the rule represent the probability of occurrence of each of the ....
H. S. Teng, K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Computer Society Symposium on Research in Computer Security and Privacy, pages 278--284, Los Alamitos, CA, 1990. IEEE Computer Society, IEEE Computer Society Press.
....between the distributions signify an intrusion. One problem with this approach is that intrusions present in the historical distributions may cause the system to not detect similar intrusions in unseen data. Related to automatic model generation is adaptive intrusion detection. Teng et al. [33] perform adaptive real time anomaly detection by using inductively generated sequential patterns. Also relevant is Sobirey's work on adaptive intrusion detection using an expert system to collect data from audit sources [28]. Many different approaches to building anomaly detection models have ....
H. S. Teng, K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 278--284, Oakland CA, May 1990.
....a compiler, but is generally insufficient to examining sequences of user generated events. We have found that humans rarely tend to exactly repeat prior sequences of actions. An alternative method of employing sequence learning to the anomaly detection domain was presented by Teng et al. in [67, 68]. Their system develops sequential rules of the form E1 E2 E3 Gamma Gamma (E4 = 94 ; E5 = 6 ) where the various E's are events derived from the security audit trail, denotes any event , and the percentages on the right hand of the rule represent the probability of occurrence of ....
H. S. Teng, K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Computer Society Symposium on Research in Computer Security and Privacy, pages 278--284, Los Alamitos, CA, 1990. IEEE Computer Society, IEEE Computer Society Press.
....us to search for simple and accurate intrusion detectors. Chapter 4 details our classification experiments on the same data set reported by [ Forrest et al. 1996 ] which demonstrate that our classifiers are more effective in detecting the anomalies. A very strongly related work was reported in [ Teng et al. 1990 ]. A time-based inductive engine was used to analyze audit data and generate rule based sequential patterns that describe user behavior. An example of such rules is E1 E2 E3 # E4 = 95 , which indicates that if E1, E2, and E3 occur in serial order then there is 95 chance that E4 will ....
H. S. Teng, K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 278--284, Oakland CA, May 1990.
....was used by DEC in building the POLYCENTER (ESSENSE) host based IDS. POLYCENTER uses s expressions to represent high-level attack patterns not sequence of events. It then compares current events with these patterns to adjust auditing and performs limited look ahead adaptive auditing [HV][VHJ][TC]. This approach greatly reduces the search space in VMS and Ultrix misuse detection. However, the high level patterns were not modeled after intentions and it does not integrate with Anomaly Detection IDS. The model-based approach has also not been generalized to address large scale network IDS ....
H. S. Teng, J. Chen. Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns.
....between the distributions signify an intrusion. One problem with this approach is that intrusions present in the historical distributions may cause the system to not detect similar intrusions in unseen data. Related to automatic model generation is adaptive intrusion detection. Teng et al. [20] perform adaptive real time anomaly detection by using inductively generated sequential patterns. Also relevant is Sobirey's work on adaptive intrusion detection using an expert system to collect data from audit sources [17]. Many different approaches to building anomaly detection models have ....
H. S. Teng, K. Chen, and S. C. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 278--284, Oakland CA, May 1990.
....anomalous the behavior is, that is, how different e.g. the commands used are from normal behavior. Such approaches require that the distribution of subjects' behavior is known. The behavior can be represented as a rule based model (Garvey and Lunt 1991) in terms of predictive pattern generation (Teng et al. 1990), or using state transition analysis (Porras et al. 1995). Pattern matching techniques are then used to determine whether the sequence of events is part of normal behavior, constitutes an anomaly, or fits the description of a known attack. IDSs also differ in whether they are on line or ....
Teng, H. S., Chen, K., and Lu, S. C. (1990). Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the 1990 IEEE Symposium on Research in Computer Security and Privacy, 278--284.
....systems have become available commercially over the past few years [2, 4, 14]. Although their deployment in the marketplace suggests that these systems benefit their users, there is almost no data measuring their effectiveness. The same paucity of evaluation results plagues the research arena [7, 8, 13, 20]. Evaluating detection systems is a difficult undertaking, complicated by several common practices. For example, most evaluations are done according to a black box testing regime (e.g. [7]). While black box testing can demonstrate the overall performance capabilities of a detection system, it ....
....predecessor. These concepts are covered in most texts on information theory, such as [3]. Conditional relative entropy is used to measure the structure present in the benchmark datasets presented in this paper. Many anomaly detection systems depend on the presence of regularities in data (e.g. [5, 6, 15, 20]). In the remainder of this paper, the terms regularity or regularity index refer to the sequential dependencies of sequences as measured by entropy. A regularity index of 0 indicates perfect regularity (or redundancy); an index of 1 indicates no regularity, i.e. random. 4. Constructing the ....
Teng, Henry S.; Chen, Kaihu and Lu, Stephen C-Y., "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns", In IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, California: IEEE Computer Society Press, 7-9 May 1990, pp. 278-284.
....and store the usage patterns, whereas statistical anomaly detectors use statistical formulas to identify usage patterns in audit data. This technique shares the same advantage and disadvantages with the statistical anomaly detection techniques. Examples of this approach are W&S [Vacc89] and TIM [Chen90]. • Rule based Penetration Identification: These tools are characterized by their expert system properties that fire rules when audit information indicates illegal activities. Most of the current intrusion detection tools supplement their anomaly detection components with rule based expert ....
K. Chen, S.C. Lu and H.S. Teng, "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns," presented at the Fifth Intrusion Detection Workshop, SRI International, Menlo Park, CA, May 1990.
No context found.
Teng, H.S., Chen, K., Lu, S.C.Y.: Adaptive real-time anomaly detection using inductively generated sequential patterns. In: 1990 IEEE Symposium on Research in Security and Privacy, May 7--9, 1990, IEEE Computer Society (1990) 278--284
No context found.
Teng HS, Chen K, Lu S C-Y (1990), Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns, In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May, pp 278-284
No context found.
H.S. Teng, K. Chen, and S. C-Y Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In Proceedings of the IEEE Symposium on Security and Privacy, 1999.
No context found.
S. Lu, H. Teng, and K. Cheng, Adaptive real-time anomaly detection using inductively generated sequential patterns, IEEE symposium on research in computer security, 1990.
No context found.
H.S. Teng, K. Chen, and S. C-Y Lu. Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns. In IEEE Symposium on Security and Privacy, 1999.
No context found.
Henry S. Teng, Kaihu Chen, and Stephen C-Y Lu. Adaptive Real-Time Anomaly Detection using Inductively Generated Sequential Patterns. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, May 1990.
No context found.
H. Teng, K. Chen, and S.-Y. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In IEEE Symposium on Security and Privacy, Oakland, California, May 1990.
No context found.
H. Teng, K. Chen, and S. C.-Y. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In IEEE Symposium on Security and Privacy, pages 278--284, 1999.
No context found.
H. Teng, K. Chen, and S.-Y. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. In IEEE Symposium on Security and Privacy, Oakland, California, May 1999.
No context found.
Teng, H., Chen, K., and Lu, S.-Y. (1990). Adaptive RealTime Anomaly Detection using Inductively Generated Sequential Patterns. In Proceedings of the IEEE Symposium on Security and Privacy.
No context found.
K. Chen, S.C. Lu and H.S. Teng, "Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns," Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 278-295, May 1990.