• DocumentCode
    564728
  • Title

    An Intrusion-Detection Model

  • Author

    Denning, Dorothy E.

  • Author_Institution
    SRI International
  • fYear
    1986
  • fDate
    7-9 April 1986
  • Firstpage
    118
  • Lastpage
    118
  • Abstract
    A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system´s audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.
  • Keywords
    Computational modeling; Expert systems; Measurement; Monitoring; Radiation detectors; Security; Standards;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 1986 IEEE Symposium on
  • Conference_Location
    Oakland, CA, USA
  • ISSN
    1540-7993
  • Print_ISBN
    0-8186-0716-5
  • Type

    conf

  • DOI
    10.1109/SP.1986.10010
  • Filename
    6234848
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=564728