[Denning86] D. Denning, An Intrusion Detection Model, IEEE Conference on Security and Privacy, 1986. Also appearing in IEEE Trans. on Software Eng., V13#2, Feb., 1987. [This paper describes one of the first models of real-time intrusion detection for general purpose computer systems based on expert-system analysis of audit trails. It is based on detecting patterns of known attacks against the background of normal user behavior.]
fc@red.all.net