Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ISMIS
2005
Springer
2005
Springer
Anomaly Detection in Computer Security and an Application to File System Accesses
Abstract. We present an overview of anomaly detection used in computer security, and provide a detailed example of a host-based Intrusion Detection System that monitors file systems to detect abnormal accesses. The File Wrapper Anomaly Detector (FWRAP) has two parts, a sensor that audits file systems, and an unsupervised machine learning system that computes normal models of those accesses. FWRAP employs the Probabilistic Anomaly Detection (PAD) algorithm previously reported in our work on Windows Registry Anomaly Detection. FWRAP represents a general approach to anomaly detection. The detector is first trained by operating the host computer for some amount of time and a model specific to the target machine is automatically computed by PAD. The model is then deployed to a real-time detector. In this paper we describe the feature set used to model file system accesses, and the performance results of a set of experiments using the sensor while attacking a Linux host with a variety o...
Real-time TrafficRelated Content
| Added | 27 Jun 2010 |
| Updated | 27 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ISMIS |
| Authors | Salvatore J. Stolfo, Shlomo Hershkop, Linh H. Bui, Ryan Ferster, Ke Wang |
Comments (0)
Researcher Info
|
