research-article

An Intrusion-Detection Model

Author:

Dorothy E. DenningAuthors Info & Claims

IEEE Transactions on Software Engineering, Volume 13, Issue 2

Pages 222 - 232

https://doi.org/10.1109/TSE.1987.232894

Published: 01 February 1987 Publication History

Publisher Site

Abstract

A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

Cited By

View all

Wanjau SWambugu GOirere AMuketha G(2024)Discriminative spatial-temporal feature learning for modeling network intrusion detection systemsJournal of Computer Security10.3233/JCS-22003132:1(1-30)Online publication date: 2-Feb-2024
https://dl.acm.org/doi/10.3233/JCS-220031
Neumann PLindqvist U(2024)The Future of Misuse DetectionCommunications of the ACM10.1145/368959667:11(27-28)Online publication date: 15-Oct-2024
https://dl.acm.org/doi/10.1145/3689596
Ricks BTague PThuraisingham BNatarajan SNiu JVaidya J(2024)Utilizing Threat Partitioning for More Practical Network Anomaly DetectionProceedings of the 29th ACM Symposium on Access Control Models and Technologies10.1145/3649158.3657046(83-91)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3649158.3657046
Show More Cited By

Index Terms

An Intrusion-Detection Model

Recommendations

A Survey on Intrusion Detection and Prevention Systems
Abstract
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to ...
Real-time network-based anomaly intrusion detection
Real-time system security

The global internet has made computer systems world-wide vulnerable to an ever-changing array of attacks. A new approach to perform real-time network-based anomaly intrusion detection is presented in this paper. Real-time Tcptrace generates data streams ...
CloudRPS: a cloud analysis based enhanced ransomware prevention system

Recently, indiscriminate ransomware attacks targeting a wide range of victims for monetary gains have become a worldwide social issue. In the early years, ransomware has used e-mails as attack method. The most common spreading method was through spam ...

Reviews

Reviewer: Stanley A. Kurzban

As magnetic media has replaced paper, the problem of controlling data has changed in character, if not in principle [1]. Computers have long been able to collect all the data needed for control, but the volumes involved have overwhelmed those responsible for exercising and assessing control [2]. Finally, a significant step has been taken to determine how data might be audited to give people a useful picture of what threatens it. The Intrusion Detection System (IDES) is a knowledge-based set of programs that are designed to detect those apparent changes in a user's behavior that are malicious or to detect someone who is masquerading as the user. IDES may also detect penetration attempts, subversion by Trojan horses or viruses, or resource-monopolization (called “denial of service”) attacks. IDES models users' behavior patterns in terms of login frequency; location frequency; login intervals; session duration, output, and resource usage; and login failures. Deviations from established norms are treated as indicators of potential attack. As the paper makes clear, much work in the field remains. Yet the start is very promising and is one that the author presents with the exemplary clarity, logic, and comprehensiveness that mark all of her works. Computer scientists and auditors alike will find much of value. The reviewer detected no difference between the paper under review and [3], so readers of either are advised not to seek the other.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Software Engineering

IEEE Transactions on Software Engineering Volume 13, Issue 2

Special issue on computer security and privacy

February 1987

173 pages

ISSN:0098-5589

Editors:
Virgil D. Gilgor
Univ. of Maryland, College Park
,
David J. Bailey
Los Alamos National Laboratory, Los Alamos, CA

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 February 1987

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

497
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wanjau SWambugu GOirere AMuketha G(2024)Discriminative spatial-temporal feature learning for modeling network intrusion detection systemsJournal of Computer Security10.3233/JCS-22003132:1(1-30)Online publication date: 2-Feb-2024
https://dl.acm.org/doi/10.3233/JCS-220031
Neumann PLindqvist U(2024)The Future of Misuse DetectionCommunications of the ACM10.1145/368959667:11(27-28)Online publication date: 15-Oct-2024
https://dl.acm.org/doi/10.1145/3689596
Ricks BTague PThuraisingham BNatarajan SNiu JVaidya J(2024)Utilizing Threat Partitioning for More Practical Network Anomaly DetectionProceedings of the 29th ACM Symposium on Access Control Models and Technologies10.1145/3649158.3657046(83-91)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3649158.3657046
Zhong YWang ZShi XYang JLi K(2024)RFG-HELAD: A Robust Fine-Grained Network Traffic Anomaly Detection Model Based on Heterogeneous Ensemble LearningIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.340243919(5895-5910)Online publication date: 17-May-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3402439
Narayan KGanesula RSomasekhar TMookherji SOdelu VPrasath RReddy A(2024)Attenuating majority attack class bias using hybrid deep learning based IDS frameworkJournal of Network and Computer Applications10.1016/j.jnca.2024.103954230:COnline publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1016/j.jnca.2024.103954
Benabderrahmane SHoang NValtchev PCheney JRahwan T(2024)Hack me if you canFuture Generation Computer Systems10.1016/j.future.2024.06.050160:C(926-941)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1016/j.future.2024.06.050
Shirsath VChandane MLal CConti M(2024)SYNTROPYComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110327244:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.comnet.2024.110327
Touny HMoussa AHadi A(2024)Scalable fuzzy multivariate outliers identification towards big data applicationsApplied Soft Computing10.1016/j.asoc.2024.111444155:COnline publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1016/j.asoc.2024.111444
Pramanick NSrivastava SMathew JAgarwal M(2024)Enhanced IDS Using BBA and SMOTE-ENN for Imbalanced Data for CybersecuritySN Computer Science10.1007/s42979-024-03229-x5:7Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1007/s42979-024-03229-x
Lu HZhao YSong YYang YHe GYu HRen Y(2024)A transfer learning-based intrusion detection system for zero-day attack in communication-based train control systemCluster Computing10.1007/s10586-024-04376-927:6(8477-8492)Online publication date: 1-Sep-2024
https://dl.acm.org/doi/10.1007/s10586-024-04376-9
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

A Survey on Intrusion Detection and Prevention Systems

Real-time network-based anomaly intrusion detection

CloudRPS: a cloud analysis based enhanced ransomware prevention system

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations