Results 11 - 20 of 40
Agent-based Intrusion Detection for Network-based Application
, 2006
Cited by 2 (0 self)
Nowadays, different kinds of IDS systems are available for serving in the network distributed system, but these systems mainly concentrate on network-based and host-based detection. It is inconvenient to integrate these systems into distributed application servers for application-based intrusion detection. An agent-based IDS that can be smoothly integrated into the applications of enterprise information systems is proposed in this paper and we discuss the system architecture, agent structure, and integration mechanism. Our IDS system consists of three kinds of agents, namely, client agent, server agent and communication agent. This paper also explains how to integrate agents with an access control model for getting better security performance. By introducing standard protocols such as KQML, IDMEF into the design of agent, our agent-based IDS shows how to build more flexible software applications. Keywords: KQML Agent-based, IDMEF, intrusion detection,
APPLICATIONS OF GUI USAGE ANALYSIS
, 2008
Cited by 1 (0 self)
Except where reference is made to the work of others, the work described in this dissertation is my own or was done in collaboration with my advisory committee. This dissertation does not include proprietary or classified information.
The Unbalanced Classification Problem: Detecting Breaches in Security
- DOCTORAL DISSERTATION, RENSSELAER POLYTECHNIC INSTITUTE
, 2006
Masquerade Detection Using a Taxonomy-Based Multinomial Modeling Approach in UNIX Systems
This paper presents one-class Hellinger distance-based and one-class SVM modeling techniques that use a set of features to reveal user intent. The specific objective is to model user command profiles and detect deviations indicating a masquerade attack. The approach aims to model user intent, rather than only modeling sequences of user issued commands. We hypothesize that each individual user will search in a targeted and limited fashion in order to find information germane to their current task. Masqueraders, on the other hand, will likely not know the file system and layout of another user's desktop, and would likely search more extensively and broadly. Hence, modeling a user search behavior to detect deviations may more accurately detect masqueraders. To that end, we extend prior research that uses UNIX command sequences issued by users as the audit source by relying upon an abstraction of commands. We devised a taxonomy of UNIX commands that is used to abstract command sequences. The experimental results show that the approach does not lose information and performs comparably to or slightly better than the modeling approach based on simple UNIX command frequencies.
15. SUBJECT TERMS Masquerader, User Profiling, Command Taxonomy
, 2008
The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington
User Profiles and Identifing User Behaviour in the Cloud Computing Environment
, 2014
In this paper, for the detection of the masquerade attacks in the cloud infrastructure collaborative filtering algorithm based on the cloud model is proposed. One of the advantages of this model is the identification of the similarity between the users on the basis of the cloud model. While using the similarity measurement method based on the cloud model, it does not require a strict comparison between the score value of operations used by different users. Here we provide the calculation of the statistic features of the score values of all operations used by the user at the access point, then we provide a comparison of statistics features of the input data and based on these we determine the similarity between the input data.
WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION
Intrusion detection, anomaly detection, time series analysis, Markov processes. We present an approach to anomaly detection based on the construction of a Hidden Markov Model trained on processor workload data. Based on processor load measurements, a HMM is constructed as a model of the system normal behavior. Any observed sequence of processor load measurements that is unlikely generated by the HMM is then considered as an anomaly. We test our approach taking real data of a mail server processor load to construct a HMM and then we test it under several experimental conditions including simulated DoS attacks. We show some evidence suggesting that this method could be successful to detect attacks or misuse that directly affects processor performance.
Detecting masquerades using a combination of Naïve Bayes and weighted RBF approach
Masquerade detection by automated means is gaining widespread interest due to the serious impact of masquerades on computer system or network. Several techniques have been introduced in an effort to minimize up to some extent the risk associated with masquerade attack. In this respect, we have developed a novel technique which comprises of Naïve Bayes approach and weighted radial basis function similarity approach. The proposed scheme exhibits very promising results in comparison with many earlier techniques while experimenting on SEA dataset in detecting masquerades.