
Hu et al., 2009 - Google Patents

A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection

Hu et al., 2009

Document ID: 13958483890212150002
Author: Hu J, Yu X, Qiu D, Chen H
Publication year
Publication venue: IEEE network


Snippet

Extensive research activities have been observed on network-based intrusion detection systems (IDSs). However, there are always some attacks that penetrate traffic-profiling-based network IDSs. These attacks often cause very serious damages such as modifying …

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Similar Documents

Publication Publication Date Title
Hu et al. A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection
US12407712B2 (en) Artificial intelligence cyber security analyst
Tunde-Onadele et al. A study on container vulnerability exploit detection
Alkasassbeh et al. Detecting distributed denial of service attacks using data mining techniques
Cao et al. Machine learning to detect anomalies in web log analysis
Ye et al. Robustness of the Markov-chain model for cyber-attack detection
US20160330226A1 (en) Graph-based Instrusion Detection Using Process Traces
CN110958220A (en) A cyberspace security threat detection method and system based on heterogeneous graph embedding
Hu Host-based anomaly intrusion detection
Ahmed et al. Detecting Computer Intrusions Using Behavioral Biometrics.
Sathya et al. Discriminant analysis based feature selection in kdd intrusion dataset
Krishnaveni et al. Ensemble approach for network threat detection and classification on cloud computing
EP3465515A1 (en) Classifying transactions at network accessible storage
Bolzoni et al. Panacea: Automating attack classification for anomaly-based network intrusion detection systems
Bulle et al. A host-based intrusion detection model based on OS diversity for SCADA
CN118018231A (en) Security policy management method, device, equipment and storage medium for isolation area
CN117668828A (en) Malicious event detection method, device, equipment and computer readable storage medium
Boukraa et al. Intelligent intrusion detection in software-defined networking: A comparative study of SVM and ANN models
Lagzian et al. Frequent item set mining-based alert correlation for extracting multi-stage attack scenarios
Srinarayani et al. Detection of botnet traffic using deep learning approach
Nisha et al. Sequential pattern analysis for event-based intrusion detection
Flores et al. Network anomaly detection by continuous hidden markov models: An evolutionary programming approach
Lee et al. Intelligent intrusion detection system
Bie et al. Malicious mining behavior detection system of encrypted digital currency based on machine learning
Werner et al. Discovery of rare yet co-occurring actions with temporal characteristics in episodic cyberattack streams