Abstract: Notions of signature and anomaly have formed the basis of useful methods in cyber defense, but even in combination provide only weak evidence for recognizing many events of interest. One can recognize many important events without requiring signatures of specific ways the events can take place and without treating every anomalous behavior as an event. We describe an approach to event recognition that subsumes and extends signature and anomaly methods by starting from a richer language for...
Context of citations to this paper:
...approach to event recognition that goes beyond the capabilities standard signature and anomaly methods and their direct combinations. See [5] for an extended discussion. 8.2. Alerting models The library of alerting models incorporates both extant procedures for making alerting...
Cited by:
Andrei Sabelfeld (Editor) - Turku Centre Computer
Agile Monitoring for Cyber Defense - Doyle, Kohane, Long, Shrobe.. (2001)
Similar documents (at the sentence level):
79.0%: Event Recognition Beyond Signature and Anomaly - Doyle, Kohane, Long, Shrobe.. (2001)
15.1%: On Widening the Scope of Attack Recognition Languages - Doyle, Shrobe, Szolovits (2000)
Active bibliography (related documents):
0.9: Active Trust Management for Autonomous Adaptive Survivable .. - Shrobe, Doyle, Szolovits (2000)
0.9: Adaptive Knowledge-Based Monitoring for Information.. - Doyle, Kohane, Long..
0.6: Intrusion Detection: A Bibliography - Mé, Michel (2001)
Similar documents based on text:
0.2: Guardian Angel: Patient-Centered Health Information.. - Szolovits, Doyle.. (1994)
0.2: The Architecture of MAITA - A Tool For Monitoring.. - Doyle, Kohane, Long, .. (1999)
0.1: The Personal Internetworked Notary and Guardian - Riva, Mandl, Oh, Nigrin.. (2001)
Related documents from co-citation:
2: Kohane, I. S. Temporal reasoning in medical expert systems. In R. Salamon, B. Blum, and M. Jorgensen, editors, MEDINFO 86: Proceedings of the Fifth Conference on Medical Informatics, pages 170-174, Washington, October 1986. North-Holland.
BibTeX entry:
J. Doyle, I. Kohane, W. Long, H. Shrobe, and P. Szolovits. Event recognition beyond signature and anomaly. In Proceedings of the Second IEEE SMC Information Assurance Workshop. IEEE, IEEE Computer Society, June 2001. http://citeseer.ist.psu.edu/doyle01event.html
@misc{ doyle01event,
author = "J. Doyle and I. Kohane and W. Long and H. Shrobe and P. Szolovits",
title = "Event recognition beyond signature and anomaly",
text = "J. Doyle, I. Kohane, W. Long, H. Shrobe, and P. Szolovits. Event recognition
beyond signature and anomaly. In Proceedings of the Second IEEE SMC Information
Assurance Workshop. IEEE, IEEE Computer Society, June 2001.",
year = "2001",
url = "citeseer.ist.psu.edu/doyle01event.html" }
Citations (may not include all citations):
1044: Maintaining knowledge about temporal intervals - Allen - 1983
132: Emerald: Event monitoring enabling responses to anomalous li.. - Porras, Neumann - 1997
39: Detecting computer and network misuse through the production.. - Lindqvist, Porras - 1999
32: STATL: An attack language for state-based intrusion detectio.. - Eckmann, Vigna et al. - 2000
26: Temporal reasoning in medical expert systems - Kohane - 1986
26: Temporal reasoning in medical expert systems - Kohane - 1987
23: Automated trend detection with alternate temporal hypotheses - Haimowitz, Kohane - 1993
9: An epistemology for clinically significant trends - Haimowitz, Kohane - 1993
7: Encoding patterns of growth to automate detection and diagno.. - Kohane, Haimowitz - 1993
5: Knowledge-based data display using TrenDx - Fackler, Haimowitz et al. - 1994
4: Hypothesis-driven data abstraction - Kohane, Haimowitz - 1993
4: Some representational limitations of the common intrusion sp.. - Doyle - 1999
3: A common intrusion specification language (CISL) - Feiertag, Kahn et al. - 2000
3: Agile monitoring for cyber defense - Doyle, Kohane et al. - 2001
Documents on the same site (http://www.medg.lcs.mit.edu/doyle/publications/):
Preferential Semantics for Goals - Wellman, Doyle (1991)
Similarity, Conservatism, and Rationality - Doyle (1988)
Rational Belief Revision - Doyle (1991)