Statistical Problems with Statistical-based Intrusion Detection
Author
Abstract
In 1987 Dorothy Denning wrote in her seminal paper “An Intrusion-Detection Model” the following words: “exploitation of a system’s vulnerabilities involves abnormal use of the system; therefore, security violations could be detected from abnormal patterns of usage.” With these words, Denning kicked off 20 years of research, development, and publications in anomaly-based intrusion detection, where systems build statistical profiles of normal usage patterns and detect variations from those profiles. Unfortunately, the statistics behind statistical-based detection can lead to some unintuitive results, from surprisingly high numbers of false alarms to the potential of making a site less secure. This paper highlights some of the problems, causes, and implications of anomaly-based detection.
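The "surprisingly high numbers of false alarms" in the abstract is, at bottom, the base-rate fallacy: intrusive events are so rare relative to benign ones that even a tiny per-event false-positive rate produces far more false alarms than true ones. The following is an added worked example, not code from the paper; the event volume, base rate and detector rates are constructed illustrative numbers.

```python
"""Why a low false-positive rate still floods an analyst with false alarms.

Added worked example, not code from the paper. All rates and volumes below
are constructed illustrative numbers, not measurements reported on this page.
"""


def bayesian_detection_rate(prior: float, tpr: float, fpr: float) -> float:
    """P(intrusion | alarm) by Bayes' theorem.

    prior -- P(I): fraction of audited events that are intrusive (the base rate)
    tpr   -- P(A | I): probability the detector alarms on an intrusive event
    fpr   -- P(A | not I): probability the detector alarms on a benign event
    """
    p_alarm = prior * tpr + (1.0 - prior) * fpr
    if p_alarm == 0.0:
        return 0.0  # detector never alarms; nothing to condition on
    return prior * tpr / p_alarm


def expected_alarms(n_events: int, prior: float, tpr: float, fpr: float):
    """Expected (true alarms, false alarms) over n_events audited events."""
    intrusive = n_events * prior
    benign = n_events - intrusive
    return intrusive * tpr, benign * fpr


def max_fpr_for_precision(prior: float, tpr: float, target: float) -> float:
    """Largest false-positive rate for which P(I | A) still reaches target.

    Solves target = prior*tpr / (prior*tpr + (1-prior)*fpr) for fpr.
    """
    return prior * tpr * (1.0 - target) / (target * (1.0 - prior))


if __name__ == "__main__":
    # Constructed scenario: 1,000,000 audited events per day, 10 of them
    # intrusive (base rate 1e-5), a detector that catches every intrusion
    # (tpr = 1.0) and wrongly alarms on 0.1% of benign events (fpr = 1e-3).
    N, PRIOR, TPR, FPR = 1_000_000, 1e-5, 1.0, 1e-3
    true_alarms, false_alarms = expected_alarms(N, PRIOR, TPR, FPR)
    print(f"true alarms/day:  {true_alarms:.0f}")
    print(f"false alarms/day: {false_alarms:.0f}")
    print(f"P(intrusion | alarm) = {bayesian_detection_rate(PRIOR, TPR, FPR):.4f}")
    # To make half of all alarms genuine, the false-positive rate must be
    # pushed down to the order of the base rate itself.
    print(f"fpr needed for 50% precision: {max_fpr_for_precision(PRIOR, TPR, 0.5):.2e}")
```

With these constructed numbers the detector raises about 1000 false alarms for every 10 genuine ones, so roughly one alarm in a hundred is real, and reaching even 50% precision would require a false-positive rate near 1e-5, which is what makes the tuning problem for statistical profiles so hard in practice.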
Similar resources
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
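The method sketched above (a dispersion measure per moving window, an alarm when the relative change between successive windows is large) can be shown in a few lines. This is an added illustrative example, not the paper's own code: the dispersion measures (standard deviation for numeric data, Shannon entropy for symbolic data), the window size, the threshold and the sample series are all assumptions.

```python
"""Moving-window dispersion change detection (added worked example).

Not code from the paper: the dispersion measures, window size, threshold and
the sample series are assumptions chosen to illustrate the idea.
"""
import math
from collections import Counter
from typing import Callable, List, Sequence, Tuple


def std_dev(values: Sequence[float]) -> float:
    """Population standard deviation: dispersion measure for numeric data."""
    n = len(values)
    mean = sum(values) / n
    return math.sqrt(sum((v - mean) ** 2 for v in values) / n)


def entropy(symbols: Sequence[str]) -> float:
    """Shannon entropy in bits: dispersion measure for symbolic data."""
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


def moving_dispersion(series: Sequence, window: int, measure: Callable) -> List[float]:
    """Dispersion of each successive non-overlapping window of the series."""
    return [measure(series[i:i + window])
            for i in range(0, len(series) - window + 1, window)]


def detect_changes(series: Sequence, window: int, measure: Callable,
                   threshold: float) -> List[Tuple[int, float]]:
    """Return (start index, relative change) for each window whose dispersion
    moved by more than `threshold` relative to the previous window."""
    disp = moving_dispersion(series, window, measure)
    alarms = []
    for k in range(1, len(disp)):
        prev, cur = disp[k - 1], disp[k]
        # A previous window with zero dispersion (constant data) makes the
        # relative change undefined; treat any change from it as significant.
        if prev > 0:
            rel = abs(cur - prev) / prev
        else:
            rel = math.inf if cur != prev else 0.0
        if rel > threshold:
            alarms.append((k * window, rel))
    return alarms


# Constructed numeric series: steady requests/second, one bursty window, steady again.
NUMERIC_SERIES = [5, 6] * 20 + [0, 10] * 5 + [5, 6] * 15
# Constructed command stream: a user who only ever runs `ls`, then starts mixing commands.
SYMBOLIC_SERIES = ["ls"] * 8 + ["ls", "cat", "ls", "cat", "cat", "ls", "vi", "ls"]

if __name__ == "__main__":
    for start, rel in detect_changes(NUMERIC_SERIES, 10, std_dev, 2.0):
        print(f"numeric: dispersion changed x{rel:.1f} at sample {start}")
    for start, rel in detect_changes(SYMBOLIC_SERIES, 4, entropy, 2.0):
        print(f"symbolic: dispersion changed x{rel} at sample {start}")
```

Note that the return to the steady state after the burst is not flagged at this threshold (the dispersion drops by 90%, a relative change of 0.9), while the jump into the burst is (a ninefold increase); whether a drop in dispersion should also alarm is a design choice the detector has to make explicitly.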
Full text
Audit Records Statistical Anomaly Detection Rule-based Intrusion Detection the Base-rate Fallacy Distributed Intrusion Detection Honeypots Intrusion Detection Exchange Format
20.1 Intruders: Intruder Behavior Patterns; Intrusion Techniques
20.2 Intrusion Detection: Audit Records; Statistical Anomaly Detection; Rule-Based Intrusion Detection; The Base-Rate Fallacy; Distributed Intrusion Detection; Honeypots; Intrusion Detection Exchange Format
20.3 Password Management: Password Protection; Password Selection Strategies
20.4 Recommended Reading and Web Sites
20.5 Key Terms, Revi...
Full text
Statistical Based Intrusion Detection Framework using Six Sigma Technique
This paper presents our statistical based intrusion detection framework for computer networks. This framework uses the six sigma technique to identify the thresholds for the critical network parameters. With the help of raw network data, the thresholds identified are used to differentiate normal, uncertain and abnormal behavior due to network intrusion. This is then used for efficient detection...
Full text
Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project
In this paper we describe the results achieved using the JAM distributed data mining system for the real world problem of fraud detection in financial information systems. For this domain we provide clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared am...
Full text
The Application of Data Mining Technology in the Intrusion Detection System
This paper analyzes the current state of intrusion detection systems and, on that basis, proposes applying data mining technology to the problems of the traditional intrusion detection system. The paper then designs an intrusion detection model based on data mining. With the study on intrusion detection and data mining, the a...
Full text