Stolfo et al., 2005 - Google Patents
Anomaly detection in computer security and an application to file system accesses
Stolfo et al., 2005
- Document ID
- 17911358943224866614
- Author
- Stolfo S
- Hershkop S
- Bui L
- Ferster R
- Wang K
- Publication year
- Publication venue
- International Symposium on Methodologies for Intelligent Systems
Snippet
We present an overview of anomaly detection used in computer security, and provide a detailed example of a host-based Intrusion Detection System that monitors file systems to detect abnormal accesses. The File Wrapper Anomaly Detector (FWRAP) has two parts, a …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
- G06F11/0754—Error or fault detection not based on redundancy by exceeding limits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Stolfo et al. | Anomaly detection in computer security and an application to file system accesses | |
Khraisat et al. | Survey of intrusion detection systems: techniques, datasets and challenges | |
Hajj et al. | Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets | |
Stolfo et al. | A comparative evaluation of two algorithms for windows registry anomaly detection | |
Shu et al. | Unearthing stealthy program attacks buried in extremely long execution paths | |
Garitano et al. | A review of SCADA anomaly detection systems | |
Tan et al. | Hiding intrusions: From the abnormal to the normal and beyond | |
Osareh et al. | Intrusion detection in computer networks based on machine learning algorithms | |
US20240422178A1 (en) | Autonomic incident response system | |
Dong et al. | Efficient discovery of abnormal event sequences in enterprise security systems | |
Xie et al. | Seurat: A pointillist approach to anomaly detection | |
Waskita et al. | A simple statistical analysis approach for intrusion detection system | |
US20250021654A1 (en) | Rootkit detection based on system dump files analysis | |
Vigna et al. | Host-based intrusion detection | |
Ahmed et al. | Host based intrusion detection using RBF neural networks | |
Dumitrasc et al. | User behavior analysis for malware detection | |
El-Taj et al. | Intrusion detection and prevention response based on signature-based and anomaly-based: Investigation study | |
US20240193271A1 (en) | Anomaly detection framework targeting ransomware using low-level hardware information | |
US20250023909A1 (en) | Protecting backup systems against security threats using artificial intelligence | |
Sallay et al. | Intrusion detection alert management for high‐speed networks: current researches and applications | |
El Farissi et al. | The analysis performance of an intrusion detection systems based on neural network | |
Helmer et al. | Anomalous intrusion detection system for hostile Java applets | |
Gupta et al. | Device behavioral profiling for autonomous protection using deep neural networks | |
Canzanese et al. | Inoculation against malware infection using kernel-level software sensors | |
Qiao et al. | Behavior analysis-based learning framework for host level intrusion detection |