Hu et al., 2009 - Google Patents
A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection
Hu et al., 2009
- Document ID
- 13958483890212150002
- Author
- Hu J
- Yu X
- Qiu D
- Chen H
- Publication year
- Publication venue
- IEEE network
Snippet
Extensive research activities have been observed on network-based intrusion detection systems (IDSs). However, there are always some attacks that penetrate traffic-profiling-based network IDSs. These attacks often cause very serious damages such as modifying …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Hu et al. | A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection | |
US12407712B2 (en) | Artificial intelligence cyber security analyst | |
Tunde-Onadele et al. | A study on container vulnerability exploit detection | |
Alkasassbeh et al. | Detecting distributed denial of service attacks using data mining techniques | |
Cao et al. | Machine learning to detect anomalies in web log analysis | |
Ye et al. | Robustness of the Markov-chain model for cyber-attack detection | |
US20160330226A1 (en) | Graph-based Instrusion Detection Using Process Traces | |
CN110958220A (en) | A cyberspace security threat detection method and system based on heterogeneous graph embedding | |
Hu | Host-based anomaly intrusion detection | |
Ahmed et al. | Detecting Computer Intrusions Using Behavioral Biometrics. | |
Sathya et al. | Discriminant analysis based feature selection in kdd intrusion dataset | |
Krishnaveni et al. | Ensemble approach for network threat detection and classification on cloud computing | |
EP3465515A1 (en) | Classifying transactions at network accessible storage | |
Bolzoni et al. | Panacea: Automating attack classification for anomaly-based network intrusion detection systems | |
Bulle et al. | A host-based intrusion detection model based on OS diversity for SCADA | |
CN118018231A (en) | Security policy management method, device, equipment and storage medium for isolation area | |
CN117668828A (en) | Malicious event detection method, device, equipment and computer readable storage medium | |
Boukraa et al. | Intelligent intrusion detection in software-defined networking: A comparative study of SVM and ANN models | |
Lagzian et al. | Frequent item set mining-based alert correlation for extracting multi-stage attack scenarios | |
Srinarayani et al. | Detection of botnet traffic using deep learning approach | |
Nisha et al. | Sequential pattern analysis for event-based intrusion detection | |
Flores et al. | Network anomaly detection by continuous hidden markov models: An evolutionary programming approach | |
Lee et al. | Intelligent intrusion detection system | |
Bie et al. | Malicious mining behavior detection system of encrypted digital currency based on machine learning | |
Werner et al. | Discovery of rare yet co-occurring actions with temporal characteristics in episodic cyberattack streams |