Proceedings 2002 IEEE Symposium on Security and Privacy
DOI: 10.1109/secpri.2002.1004371
|View full text |Cite
|
Sign up to set email alerts
|

"Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
60
0
1

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 84 publications
(62 citation statements)
references
References 8 publications
1
60
0
1
Order By: Relevance
“…Other researchers, e.g. [9,10,8], have also explored the use of HMMs to intrusion detection, improving only slightly Warrender et al's results.…”
Section: Related Workmentioning
confidence: 99%
See 3 more Smart Citations
“…Other researchers, e.g. [9,10,8], have also explored the use of HMMs to intrusion detection, improving only slightly Warrender et al's results.…”
Section: Related Workmentioning
confidence: 99%
“…Tan and Maxion have shown that the size of the window, meaning the depth of the grammar, that Warrender et al is actually the minimal for an anomaly to be detected [8]. However, Wagner and Soto have disagreed with this result, demonstrating that a sliding window of size 6 is insufficient to detect a lot of mimicry attacks [1].…”
Section: Related Workmentioning
confidence: 99%
See 2 more Smart Citations
“…This detection method has been widely explored for the identification of malicious software. As explained in prior work [94,110], n-grams are particularly useful to model sequences of elements. The number associated to the "n" is the length of each examined sequence; the system receives labeled sequences and uses them to train a classifier in order to recognize from the sequences of an unknown sample to which label the sample should be assigned.…”
Section: History Leakage Detectionmentioning
confidence: 99%