STATL is an extensible state/transition-based attack description language designed to support intrusion detection. The language allows one to describe computer penetrations as seq...
Steve T. Eckmann, Giovanni Vigna, Richard A. Kemme...
Anomaly detection in IP networks, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Perfor...
Data domain description techniques aim at deriving concise descriptions of objects belonging to a category of interest. For instance, the support vector domain description (SVDD) l...
We have been developing a data mining (i.e., knowledge discovery) framework, MADAM ID, for Mining Audit Data for Automated Models for Intrusion Detection [LSM98, LSM99b, LSM99a]. ...