One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The result is a host-based intrusion detection system with three advantages: a high degree of automation, ...

Quantitative characterization of randomly roving agents in Agent Based Intrusion Detection Environment (ABIDE) is studied. Formula simplifications regarding known results and publications are given. Extended Agent Based Intrusion Detection Environment (EABIDE) is introduced and quantitative characterization of roving agents in EABIDE is studies.

We present a host-based intrusion detection system for Microsoft Windows. The core of the system is an algorithm that detects attacks on a host machine by looking for anomalous accesses to the Windows Registry. The key idea is to first train a model of normal registry behavior for a host and to use this model to detect abnormal registry accesses at run-time. The system trains a normal model usi...

This paper presents some proposals and contributions in network-based intrusion-related technologies. Two key points are discussed in this line: anomaly-based intrusion detection, and active response mechanisms. The first issue is mainly focused on the consideration of a stochastic approach to model the normal behavior of the network system to be monitored and protected. This anomaly-based dete...

Information security and Intrusion Detection System (IDS) plays a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...

In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. Th...

Network based distributed intrusion detection is a common trend in several commercial intrusion detection systems. However, network based intrusion detection requires that a security officer comprehends the dynamic and non-deterministic nature of data traffic across the network. This paper provides security officers with a brief introduction to intrusion detection techniques and classifications...

Due to the rapid growth of networked computer resources and the increasing importance of related applications, intrusions which threaten the infrastructure of these applications have are critical problems. In recent years, several intrusion detection systems designed to identify and detect possible intrusion behaviors. In this work, an intrusion detection model is proposed to for building an in...

With the rapid growth of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. This can be achieved with an Intrusion Detection System, which identifies attacks and reacts by generating alerts or by blocking the unwanted data/traffic. These systems are mainl...