Detecting anomalous and unknown intrusions against programs

Anup K. Ghosh, James Wanken, F. Charron
Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217), published 1998-12-07
DOI: 10.1109/CSAC.1998.738646 (https://doi.org/10.1109/CSAC.1998.738646)
Citations: 300

Abstract

The ubiquity of the Internet connection to desktops has been both a boon to business as well as a cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been the most commonly deployed solution to secure corporate assets against intrusions, but firewalls are vulnerable to errors in configuration, ambiguous security policies, data-driven attacks through allowed services, and insider attacks. The failure of firewalls to adequately protect digital assets from computer-based attacks has been a boon to commercial intrusion detection tools. Two general approaches to detecting computer security intrusions in real time are misuse detection and anomaly detection. Misuse detection attempts to detect known attacks against computer systems. Anomaly detection uses knowledge of users' normal behavior to detect attempted attacks. The primary advantage of anomaly detection over misuse detection methods is the ability to detect novel and unknown intrusions. This paper presents a study in employing neural networks to detect the existence of anomalous and unknown intrusions against a software system using the anomaly detection approach.