An Intrusion-Detection Model

Abstract

A model of a real-time, intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 1987
Accession Number: ADA484998

Entities

People

  • Dorothy E. Denning

Organizations

  • SRI International

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Databases
  • Detection
  • Directories
  • False Alarms
  • Information Operations
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Monitoring
  • Operating Systems
  • Random Variables
  • Security
  • Software Development
  • Trojan Horse
  • Vulnerability
  • Warning Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Regression Analysis
  • Software Engineering