Integrating network misuse and anomaly prevention

Y.K. Penva, P. G. Bringas
{"title":"Integrating network misuse and anomaly prevention","authors":"Y.K. Penva, P. G. Bringas","doi":"10.1109/INDIN.2008.4618168","DOIUrl":null,"url":null,"abstract":"Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybrids misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attacks, known and unknown. Finally, we evaluate ESIDE-Depian against all kind of menaces to prove in which degree it has been achieved to integrate both approaches.","PeriodicalId":112553,"journal":{"name":"2008 6th IEEE International Conference on Industrial Informatics","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 6th IEEE International Conference on Industrial Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN.2008.4618168","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

Abstract

Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybrids misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attacks, known and unknown. Finally, we evaluate ESIDE-Depian against all kind of menaces to prove in which degree it has been achieved to integrate both approaches.
集成网络误用和异常防范
网络入侵检测系统(NIDS)旨在防止网络攻击和未经授权的远程使用计算机。更准确地说,根据它所针对的攻击类型,NIDS可以定向检测滥用(通过定义所有可能的攻击)或异常(通过对合法行为进行建模以发现那些不符合该模型的行为)。但是,由于它们的问题知识仅限于可能的攻击,因此误用检测无法注意到异常,反之亦然。在此背景下,本文提出了误用与异常预防相结合的第三种方案。通过这种方式,side - depian使用贝叶斯网络从异常和误用知识中学习,以便能够检测已知和未知的任何一种攻击。最后,我们评估了side - depian对各种威胁的影响,以证明在何种程度上实现了两种方法的整合。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信