FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W20282507> ?p ?o ?g. }

• W20282507 abstract "Network attacks on computers have become a fact of life for network administrators. Detecting attacks accurately is important to limit their scope and destruction. Intrusion detection systems (IDSs) fall into two high-level categories: network-based systems (NIDS) that monitor network behaviors, and host-based systems (HIDS) that monitor system calls. In this work, we present a general technique for both systems.We consider the problem of detecting intrusions of the host level. We use anomaly detection, which identifies patterns not conforming to a historic norm. Our approach does not require expensive labeling or prior exposure to the attack type. In both types of systems, the rates of change vary dramatically over time (due to burstiness) and over components (due to service difference). To efficiently model such systems, we use continuous time Bayesian networks (CTBNs) and avoid specifying a fixed time interval. We build generative models from historic non-attack data, and flag future event sequences whose likelihood under this norm is below a threshold.As a NIDS, our method differs from previous approaches in explicitly modeling temporal dependencies in the network traffic. Our models are therefore more sensitive to subtle variations in the sequences of network events. We first construct a factored CTBN model for the network packet traces. We present two simple extensions to CTBNs that allow for instantaneous events that do not result in state changes, and simultaneous transitions of two variables. We then extend this model to a connected one. We construct it in a hierarchical way and use Rao-Blackwellized particle filtering for inference. We illustrate the power of our method through experiments on detecting real worms and identifying hosts on two publicly available network traces, the MAWI dataset and the LBNL dataset.For HIDS, we develop a novel learning method to deal with the finite resolution of system log file time stamps, without losing the benefits of our continuous time model. We demonstrate the method by detecting intrusions in the DARPA 1998 BSM dataset." @default.
• W20282507 created "2016-06-24" @default.
• W20282507 creator A5042066408 @default.
• W20282507 creator A5091230938 @default.
• W20282507 date "2010-01-01" @default.
• W20282507 modified "2023-10-07" @default.
• W20282507 title "A continuous time bayesian network approach for intrusion detection" @default.
• W20282507 cites W12987287 @default.
• W20282507 cites W129962873 @default.
• W20282507 cites W1494605253 @default.
• W20282507 cites W1503402212 @default.
• W20282507 cites W1539027 @default.
• W20282507 cites W1542813581 @default.
• W20282507 cites W1543388142 @default.
• W20282507 cites W1543675445 @default.
• W20282507 cites W1545915796 @default.
• W20282507 cites W1563709661 @default.
• W20282507 cites W1566480186 @default.
• W20282507 cites W1570713732 @default.
• W20282507 cites W1583975142 @default.
• W20282507 cites W1592915940 @default.
• W20282507 cites W1597438912 @default.
• W20282507 cites W17127720 @default.
• W20282507 cites W1872800509 @default.
• W20282507 cites W1941427975 @default.
• W20282507 cites W1968439359 @default.
• W20282507 cites W2012095206 @default.
• W20282507 cites W2020294948 @default.
• W20282507 cites W2020816856 @default.
• W20282507 cites W2049633694 @default.
• W20282507 cites W2075500716 @default.
• W20282507 cites W2086437504 @default.
• W20282507 cites W2101586207 @default.
• W20282507 cites W2104593144 @default.
• W20282507 cites W2106442760 @default.
• W20282507 cites W2106487029 @default.
• W20282507 cites W2119473700 @default.
• W20282507 cites W2122226347 @default.
• W20282507 cites W2128217000 @default.
• W20282507 cites W2129860818 @default.
• W20282507 cites W2130598205 @default.
• W20282507 cites W2134641333 @default.
• W20282507 cites W2140553492 @default.
• W20282507 cites W2149020252 @default.
• W20282507 cites W2154602821 @default.
• W20282507 cites W2164210932 @default.
• W20282507 cites W2164867384 @default.
• W20282507 cites W2170120409 @default.
• W20282507 cites W2963905603 @default.
• W20282507 cites W42722137 @default.
• W20282507 cites W6091113 @default.
• W20282507 hasPublicationYear "2010" @default.
• W20282507 type Work @default.
• W20282507 sameAs 20282507 @default.
• W20282507 citedByCount "6" @default.
• W20282507 countsByYear W202825072013 @default.
• W20282507 countsByYear W202825072014 @default.
• W20282507 countsByYear W202825072017 @default.
• W20282507 crossrefType "journal-article" @default.
• W20282507 hasAuthorship W20282507A5042066408 @default.
• W20282507 hasAuthorship W20282507A5091230938 @default.
• W20282507 hasConcept C110875604 @default.
• W20282507 hasConcept C124101348 @default.
• W20282507 hasConcept C136764020 @default.
• W20282507 hasConcept C154945302 @default.
• W20282507 hasConcept C158379750 @default.
• W20282507 hasConcept C199360897 @default.
• W20282507 hasConcept C2778579508 @default.
• W20282507 hasConcept C2780801425 @default.
• W20282507 hasConcept C2781023610 @default.
• W20282507 hasConcept C31258907 @default.
• W20282507 hasConcept C33724603 @default.
• W20282507 hasConcept C35525427 @default.
• W20282507 hasConcept C38652104 @default.
• W20282507 hasConcept C38822068 @default.
• W20282507 hasConcept C41008148 @default.
• W20282507 hasConcept C739882 @default.
• W20282507 hasConceptScore W20282507C110875604 @default.
• W20282507 hasConceptScore W20282507C124101348 @default.
• W20282507 hasConceptScore W20282507C136764020 @default.
• W20282507 hasConceptScore W20282507C154945302 @default.
• W20282507 hasConceptScore W20282507C158379750 @default.
• W20282507 hasConceptScore W20282507C199360897 @default.
• W20282507 hasConceptScore W20282507C2778579508 @default.
• W20282507 hasConceptScore W20282507C2780801425 @default.
• W20282507 hasConceptScore W20282507C2781023610 @default.
• W20282507 hasConceptScore W20282507C31258907 @default.
• W20282507 hasConceptScore W20282507C33724603 @default.
• W20282507 hasConceptScore W20282507C35525427 @default.
• W20282507 hasConceptScore W20282507C38652104 @default.
• W20282507 hasConceptScore W20282507C38822068 @default.
• W20282507 hasConceptScore W20282507C41008148 @default.
• W20282507 hasConceptScore W20282507C739882 @default.
• W20282507 hasLocation W202825071 @default.
• W20282507 hasOpenAccess W20282507 @default.
• W20282507 hasPrimaryLocation W202825071 @default.
• W20282507 hasRelatedWork W1494605253 @default.
• W20282507 hasRelatedWork W1511986666 @default.
• W20282507 hasRelatedWork W1532609882 @default.
• W20282507 hasRelatedWork W1542813581 @default.

• next