Sandeep Kumar. A Pattern Matching Approach to Misuse Intrusion Detection. PhD thesis, Purdue University, Department of Computer Sciences, 1995.
....of this information. 1.1 Related work The basic model for an intrusion detection system was introduced by Denning in [9]. Much work has grown around this model, and research in intrusion detection has covered network based intrusions [14, 37], immunology based models [12], state machine models [22], and statistical analysis [19]. The approach we detail in this paper for detecting system misuse leverages some of the work performed by these authors; our core engine performs a state based analysis of audit data. Analysis of the requirements for audit data content for intrusion detection has ....
Sandeep Kumar. A Pattern Matching Approach to Misuse Intrusion Detection. PhD thesis, Purdue University, Department of Computer Sciences, 1995.
....dynamically detects and prevents some forms of buffer overflow attacks is also introduced. This second prototype library was able to successfully detect and prevent several buffer overflow attacks against privileged programs. 1 Motivation Researchers in Intrusion detection have stated (Kumar [1], Lunt [2], Price [3]) that there is a desire or need by software developers in the intrusion detection community for an increase in the amount of application level audit data available for their use. Frequently, applications report audit information only when their programmers insert specific ....
Sandeep Kumar. A Pattern Matching Approach to Misuse Intrusion Detection. PhD thesis, Purdue University, Department of Computer Sciences, 1995.
....with detecting attacks on computers and [Figure 4: Performance of several methods for news story monitoring. Axes: False alarm rate, Average score. Series: DC 1, DC 1 without profiling, Random.] computer networks [8, 9]. Within intrusion detection, anomaly detection systems characterize behavior of individual users and issue alarms of intrusions, based on anomalies in behavior. Since traces of actual computer intrusions are rare and difficult to obtain, we chose a variant of this task common in computer ....
Kumar, S. A Pattern Matching Approach to Misuse Intrusion Detection. PhD thesis, Purdue University, Department of Computer Sciences, August 1995.
....we have attempted to ensure that the mechanisms used are sufficiently general to permit the observation of a wide range of network and system related phenomena. An example would be a stream of events which identifies patterns of network activity which represent a threat to system security [7, 3]. Events are regarded as waypoints on the path of a Protocol Data Unit (PDU) through the appropriate protocol stack, and are recorded as stamps, each comprising a waypoint identifier, time stamp, and tagging information which allows trails of related events to be assembled. We have attempted to ....
S. Kumar. A Pattern Matching Approach to Misuse Intrusion Detection. PhD thesis, Purdue University, Department of Computer Sciences, (to appear) 1995.
....and design of such techniques is an important area for future research (Provost and Fawcett 1997). 7. Related Work Fraud detection is related to intrusion detection, a field of computer security concerned with detecting attacks on computers and computer networks (Frank 1994; Sundaram 1996; Kumar 1995). Many forms of intrusion are instances of superimposition fraud, and thus candidates for systems built with our framework. Within the intrusion detection community, anomaly detection systems try to characterize behavior of individual users in order to detect intrusions on that user's account via ....
Kumar, S. (1995, August). A Pattern Matching Approach to Misuse Intrusion Detection. Ph.