Abstract

IDS would refine this technique and incorporate additional host context (e.g., argument dataflows [13]), the Forrest IDS codifies the general strategy for host-based anomaly detection: monitor a stream of audit events to differentiate typical behaviors from anomalous (potentially malicious) activity.