An Intrusion-Detection Model

An Intrusion-Detection Model

A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of sy...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on software engineering 1987-02, Vol.SE-13 (2), p.222-232
1. Verfasser: Denning, D.E.
Format: Artikel
Sprache:eng
Schlagworte:
Abnormal behavior
Applied sciences
Artificial intelligence
auditing
Audits
Computer audits
Computer science
control theory
systems
Computerized monitoring
Contracts
Cybersecurity
Environmental economics
Exact sciences and technology
Expert systems
Hypotheses
intrusions
Invasive software
Joining processes
Learning and adaptive systems
monitoring
Object detection
Operating systems
profiles
Real time
Real time systems
Security
Software
statistical measures
Violations
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
ISSN:0098-5589
1939-3520
DOI:10.1109/TSE.1987.232894