SunSoft. SunSHIELD Basic Security Module Guide. SunSoft, Mountain View, CA, 1995.
....Ghosh and Schwartzbard [5] proposed using a neural network to learn a profile of normality. Similar to our approach, random behaviors are generated to represent abnormality for training purposes. Unlike our approach, each of their input features is a distance value from an exemplar sequence of BSM [14] events. This study is one of the first attempts in applying machine learning algorithms to network events for anomaly detection. Algorithms for anomaly detection and misuse detection have traditionally been studied separately. In SRI's EMERALD [12] anomaly and misuse detection algorithms are ....
SunSoft. SunSHIELD Basic Security Module Guide. SunSoft, Mountain View, CA, 1995.
....statistics are not available to determine the error rates of our approach in user anomaly detection, the initial results are encouraging. We believe that our approach is worthy of future study. 7.2 Experiments on BSM Data The DARPA data also contains Solaris BSM (Basic Security Module) [SunSoft, 1995] audit data for a designated host, pascal. In this section, we describe our experiments in building host-based intrusion detection models using BSM data. When BSM is enabled in a host machine, there exists an audit trail for the host. An audit trail is a time-ordered sequence of actions that ....
SunSoft. SunSHIELD Basic Security Module Guide. SunSoft, Mountain View, CA, 1995.
....call data, BSM data, and network tcpdump data to illustrate the utilities of these measures. 1 Introduction Intrusion detection systems (IDSs) are an important component of the defense-in-depth or layered network security mechanisms. An IDS collects system and network activity data, e.g. BSM [27] and tcpdump [9] data, and analyzes the information to determine whether there is an attack occurring. The two main techniques for intrusion detection (ID) are misuse detection and anomaly detection. Misuse detection (sub)systems, for example, IDIOT [10] and STAT [8] use the signatures of known ....
SunSoft. SunSHIELD Basic Security Module Guide. SunSoft, Mountain View, CA, 1995.
....data. Meta learning is used to learn the correlation of intrusion evidence from multiple detection models, and produce a combined detection model. It is very important to point out that our framework does not eliminate the need to pre-process and analyze raw audit data, e.g. tcpdump [7] and BSM [22] output. In fact, to build intrusion detection models for network systems, our data mining programs use pre-processed audit data where each record corresponds to a high-level event, e.g. a network connection or host session. Each record normally includes an extensive set of features that describe ....
SunSoft, Mountain View, CA. SunSHIELD Basic Security Module Guide.
....the network protocols. We can combine the network detection models and the host-based models to detect such intrusions. Here we experimented using a sample dataset from the DARPA Intrusion Detection Evaluation Dataset. This DARPA sample dataset consists of tcpdump data and (host-based) BSM [Sun] audit data. The dataset contains only 15 minutes of activity with several intrusions, for example, port scan, ping scan and guessing password, etc. We built an anomaly detection model for the network tcpdump data, and a misuse detection model for the host BSM data. The BSM session records ....
SunSoft, Mountain View, CA. SunSHIELD Basic Security Module Guide.
....is used to learn the correlation of intrusion evidence from multiple detection models, and produces a (final) combined detection model. It is very important to point out that our framework does not eliminate the need to pre-process and analyze raw audit data, e.g. tcpdump [6] and BSM [22] output. In fact, to build intrusion detection models for network systems, our data mining programs use (pre-processed) audit data where each record corresponds to a high-level event, e.g. a network connection or host session. Each record normally includes an extensive set of features that ....
SunSoft, Mountain View, CA. SunSHIELD Basic Security Module Guide.