Theoretical basis for intrusion detection

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop Pub Date : 2005-06-15 DOI:10.1109/IAW.2005.1495951

Zhuowei Li, A. Das, Jianying Zhou

{"title":"Theoretical basis for intrusion detection","authors":"Zhuowei Li, A. Das, Jianying Zhou","doi":"10.1109/IAW.2005.1495951","DOIUrl":null,"url":null,"abstract":"Intrusion detection has become an indispensable defense line in the information security infrastructure. However, every intrusion detection approach has been limited by their problems: signature-based intrusion detection can identify the known intrusions but cannot detect the novel intrusions, anomaly-based intrusion detection has the potential to detect all intrusions but has the limitation of a higher false alarm rate. For this reason, most existing intrusion detection techniques have not met the requirements for practical deployment. In this paper, the authors proposed a theoretical basis for intrusion detection to argue about their principles and to analyze the existing problems for intrusion detection in a quantified manner. The root causes of these problems are identified as model inaccuracy and model incompleteness as well as the distinguishability lack in the features utilized. In addition, it is also found that static analysis (Wagner, et al., 2001), with a properly selected feature vector, is a promising intrusion detection technique in principle because it can avoid the quality issue of its behavior models.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"64","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495951","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 64

Abstract

Intrusion detection has become an indispensable defense line in the information security infrastructure. However, every intrusion detection approach has been limited by their problems: signature-based intrusion detection can identify the known intrusions but cannot detect the novel intrusions, anomaly-based intrusion detection has the potential to detect all intrusions but has the limitation of a higher false alarm rate. For this reason, most existing intrusion detection techniques have not met the requirements for practical deployment. In this paper, the authors proposed a theoretical basis for intrusion detection to argue about their principles and to analyze the existing problems for intrusion detection in a quantified manner. The root causes of these problems are identified as model inaccuracy and model incompleteness as well as the distinguishability lack in the features utilized. In addition, it is also found that static analysis (Wagner, et al., 2001), with a properly selected feature vector, is a promising intrusion detection technique in principle because it can avoid the quality issue of its behavior models.

查看原文本刊更多论文

入侵检测的理论基础

入侵检测已经成为信息安全基础设施中必不可少的一道防线。然而，各种入侵检测方法都存在各自的问题:基于签名的入侵检测可以识别已知的入侵，但无法检测到新的入侵;基于异常的入侵检测具有检测所有入侵的潜力，但存在虚警率较高的局限性。因此，现有的入侵检测技术大多不能满足实际部署的要求。本文提出了入侵检测的理论基础，对其原理进行了论证，并对入侵检测存在的问题进行了量化分析。这些问题的根本原因是模型不准确和模型不完整，以及所使用的特征缺乏可区分性。此外，还发现静态分析(Wagner, et al.， 2001)在适当选择特征向量的情况下，原则上是一种很有前途的入侵检测技术，因为它可以避免其行为模型的质量问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop

自引率

0.00%

发文量