{"title":"可信系统中的入侵和异常检测","authors":"J. Winkler, W. Page","doi":"10.1109/CSAC.1989.81023","DOIUrl":null,"url":null,"abstract":"A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conjunction with the statistical tools, and a hierarchical set of audit indicators which are based on an indications and warning model. The application of the model makes it possible both to collect audit events at a fine level of granularity and to effectively direct intrusion anomaly detection by defining levels of concern. A set of discrete tools, capabilities, and components is implemented in a hybrid design utilizing control concepts from operating systems theory and problem-solving concepts from blackboard artificial-intelligence systems.<<ETX>>","PeriodicalId":284420,"journal":{"name":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"Intrusion and anomaly detection in trusted systems\",\"authors\":\"J. Winkler, W. Page\",\"doi\":\"10.1109/CSAC.1989.81023\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conjunction with the statistical tools, and a hierarchical set of audit indicators which are based on an indications and warning model. The application of the model makes it possible both to collect audit events at a fine level of granularity and to effectively direct intrusion anomaly detection by defining levels of concern. A set of discrete tools, capabilities, and components is implemented in a hybrid design utilizing control concepts from operating systems theory and problem-solving concepts from blackboard artificial-intelligence systems.<<ETX>>\",\"PeriodicalId\":284420,\"journal\":{\"name\":\"[1989 Proceedings] Fifth Annual Computer Security Applications Conference\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1989-12-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"[1989 Proceedings] Fifth Annual Computer Security Applications Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.1989.81023\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"[1989 Proceedings] Fifth Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.1989.81023","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Intrusion and anomaly detection in trusted systems
A real-time network and host security monitor that allows both interactive and automatic audit trail analysis is described. Audit records, i.e. tokens of actual user behavior, are examined in the context of user profiles, i.e. measures of expected behavior. This system combines a set of statistical tools for both interactive and automatic analysis of audit data, an expert system that works in conjunction with the statistical tools, and a hierarchical set of audit indicators which are based on an indications and warning model. The application of the model makes it possible both to collect audit events at a fine level of granularity and to effectively direct intrusion anomaly detection by defining levels of concern. A set of discrete tools, capabilities, and components is implemented in a hybrid design utilizing control concepts from operating systems theory and problem-solving concepts from blackboard artificial-intelligence systems.<>
![[1989 Proceedings] Fifth Annual Computer Security Applications Conference](/Content/css/sci/img/zetp.jpg)
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
