Ulrich Flegel scite author profile

Anomaly detection allows for the identification of unknown and novel attacks in network traffic. However, current approaches for anomaly detection of network packet payloads are limited to the analysis of plain byte sequences. Experiments have shown that application-layer attacks become difficult to detect in the presence of attack obfuscation using payload customization. The ability to incorporate syntactic context into anomaly detection provides valuable information and increases detection accuracy. In this contribution, we address the issue of incorporating protocol context into payload-based anomaly detection. We present a new data representation, called cn-grams, that allows to integrate syntactic and sequential features of payloads in an unified feature space and provides the basis for context-aware detection of network intrusions. We conduct experiments on both text-based and binary application-layer protocols which demonstrate superior accuracy on the detection of various types of attacks over regular anomaly detection methods. Furthermore, we show how cn-grams can be used to interpret detected anomalies and thus, provide explainable decisions in practice

show abstract

Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection

Biskup

Flegel

2000

View full text Add to dashboard Cite

Towards Early Warning Systems – Challenges, Technologies and Architecture

Apel

Biskup

Flegel³

et al. 2010

View full text Add to dashboard Cite

Pseudonymizing Unix Log Files

Flegel

2002

View full text Add to dashboard Cite

Fraud Detection in ERP Systems Using Scenario Matching

Islam

Corney

Mohay

et al. 2010

View full text Add to dashboard Cite

ERP systems generally implement controls to prevent certain common kinds of fraud. In addition however, there is an imperative need for detection of more sophisticated patterns of fraudulent activity as evidenced by the legal requirement for company audits and the common incidence of fraud. This paper describes the design and implementation of a framework for detecting patterns of fraudulent activity in ERP systems. We include the description of six fraud scenarios and the process of specifying and detecting the occurrence of those scenarios in ERP user log data using the prototype software which we have developed. The test results for detecting these scenarios in log data have been verified and confirm the success of our approach which can be generalized to ERP systems in general.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ulrich Flegel

Detecting zero-day attacks using context-aware anomaly detection at the application-layer

Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection

Towards Early Warning Systems – Challenges, Technologies and Architecture

Pseudonymizing Unix Log Files

Fraud Detection in ERP Systems Using Scenario Matching

Contact Info

Product

Resources

About