Andreas Wespi scite author profile

Abstract. Audit trail patterns generated on behalf of a Unix process can be used to model the process behavior. Most of the approaches proposed so far use a table of fixed-length patterns to represent the process model. However, variable-length patterns seem to be more naturally suited to model the process behavior, but they are also more difficult to construct. In this paper, we present a novel technique to build a table of variable-length patterns. This technique is based on Teiresias, an algorithm initially developed for discovering rigid patterns in unaligned biological sequences. We evaluate the quality of our technique in a testbed environment, and compare it with the intrusion-detection system proposed by Forrest et al. [8], which is based on fixed-length patterns. The results achieved with our novel method are significantly better than those obtained with the original method based on fixed-length patterns.

show abstract

A revised taxonomy for intrusion-detection systems

Debar

2000

View full text Add to dashboard Cite

Fixed vs. variable-length patterns for detecting suspicious process behavior

Debar

Daciér

Nassehi

et al. 1998

View full text Add to dashboard Cite

Towards an integrated approach to role engineering

Giblin

Graf

Karjoth

et al. 2010

View full text Add to dashboard Cite

Fixed- vs. variable-length patterns for detecting suspicious process behavior

Wespi

Debar

Daciér

et al. 2000

JCS

View full text Add to dashboard Cite

Elevating the Discussion on Security Management: The Data Centric Paradigm

Grandison

Bilger²,

O'connor

et al. 2007

View full text Add to dashboard Cite

Corporate decision makers have normally been Security-conscious enterprises understand that disconnected from the details of the security management managing Information Technology (IT) Security Risk is infrastructures of their organizations. The management of the critical element of their business resilience strategy. security resources has traditionally been the domain of a Lack of proper IT security controls places the entire small group of skilled and technically savvy professionals, enterprise at great risk. In the current business landscape, who report to the executive team. As threats become more IT security mechanisms are not (directly or indirectly) prevalent, attackers get smarter and the infrastructure correlated to business objectives. This lack of a direct link required to secure corporate assets become more complex, makes it is difficult to determine the right level of IT the communication gap between the decision makers and security to be employed by an organization and near the implementers has widened. The risk of impossible to justify investment levels in IT security misinterpretation of corporate strategy into technical safe controls. controls also increases with the above-mentioned trends.In parallel to this phenomenon, it can be observed that In this paper, we articulate a paradigm for managing business and technology factors are making traditional enterprise security called the Data Centric Security Model paradigms of computer security obsolete:(DCSM), which puts IT policy making in the hands of the corporate executives, so that security decisions can be * Integration or federation opens enterprises to their directly executed without the diluting effect of partners and to attacks and fraud originating from interpretation at different levels of the infrastructure and their networks. with the benefit of seeing direct correlation between business objective and security mechanism. Our articulation * Resource sharing, componentization and of the DCSM vision is a starting point for discussion and virtualization reduce barriers that once protected provides a rich platform for research into Business-Driven applications from each other. Security Management. * Provisioning engines and centralized directories (e.g.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Andreas Wespi

Towards a taxonomy of intrusion-detection systems

Aggregation and Correlation of Intrusion-Detection Alerts

Intrusion Detection Using Variable-Length Audit Trail Patterns

A revised taxonomy for intrusion-detection systems

Fixed vs. variable-length patterns for detecting suspicious process behavior

Towards an integrated approach to role engineering

Fixed- vs. variable-length patterns for detecting suspicious process behavior

Elevating the Discussion on Security Management: The Data Centric Paradigm

Contact Info

Product

Resources

About