Evaluation of intrusion detectors: a decision theory approach

Authors: J.E. Gaffney, J.W. Ulvila

DOI: 10.1109/SECPRI.2001.924287

Keywords: Computer science, Data mining, Range (statistics), Decision theory, Intrusion detection system, Receiver operating characteristic, Metric (unit), Detector

Abstract: We present a method of analysis for evaluating intrusion detection systems. The method can be used to compare the performance of detectors, evaluate performance goals, and determine the best configuration of an intrusion detector in a given environment. The method uses decision analysis that integrates and extends ROC (receiver operating characteristics) and cost analysis methods to provide an expected cost metric. The general results are illustrated in several numerical examples that cover a range of detectors, detectors that meet a goal, and two actual detectors in a realistic environment. These demonstrate that, contrary to common advice, the value of a system and its optimal operation depend not only on the system's ROC curve, but also on cost metrics and the hostility of the environment as summarized by the probability of intrusion. Extensions are outlined, and conclusions are drawn.
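The following worked example is added here and is not the paper's own code or data: it scores constructed ROC operating points with a simplified expected-cost model (cost of a missed intrusion, of a false alarm, and of responding to a true alarm are all assumed values) and shows that the cost-minimising operating point, and whether the detector beats the trivial "never alarm" baseline at all, shifts with the assumed probability of intrusion.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OperatingPoint:
    """One point on a detector's ROC curve (constructed values, not the paper's)."""
    name: str
    fpr: float   # P(alarm | no intrusion)
    tpr: float   # P(alarm | intrusion)

# Constructed ROC points for a hypothetical detector, plus the two trivial
# "detectors" that any configuration must beat to be worth operating.
ROC_POINTS = [
    OperatingPoint("never alarm", fpr=0.0, tpr=0.0),
    OperatingPoint("A (strict)", fpr=0.001, tpr=0.50),
    OperatingPoint("B (moderate)", fpr=0.01, tpr=0.80),
    OperatingPoint("C (loose)", fpr=0.10, tpr=0.95),
    OperatingPoint("always alarm", fpr=1.0, tpr=1.0),
]

def expected_cost(pt, p_intrusion, cost_miss, cost_false_alarm, cost_response):
    """Expected cost per audited event at operating point pt.

    Assumed cost model: a missed intrusion (no alarm) costs cost_miss, an
    alarm on benign activity costs cost_false_alarm (analyst time), and an
    alarm on a real intrusion costs cost_response (the handling effort).
    """
    p = p_intrusion
    missed = p * (1.0 - pt.tpr) * cost_miss
    false_alarms = (1.0 - p) * pt.fpr * cost_false_alarm
    responses = p * pt.tpr * cost_response
    return missed + false_alarms + responses

def best_operating_point(points, p_intrusion, cost_miss=1000.0,
                         cost_false_alarm=10.0, cost_response=10.0):
    """Operating point with the minimum expected cost in this environment."""
    return min(points, key=lambda pt: expected_cost(
        pt, p_intrusion, cost_miss, cost_false_alarm, cost_response))

def optimum_by_hostility(points, probabilities, **costs):
    """Map each assumed probability of intrusion to the optimal point's name."""
    return {p: best_operating_point(points, p, **costs).name for p in probabilities}

if __name__ == "__main__":
    # Same ROC curve, same costs: only the hostility of the environment changes.
    for p, name in optimum_by_hostility(ROC_POINTS, [1e-5, 1e-3, 1e-1]).items():
        print(f"P(intrusion)={p:<7g} best operating point: {name}")
```

With these assumed costs the strict point never wins, the moderate point wins at a one-in-a-thousand intrusion rate, the loose point wins in a hostile environment, and at a one-in-100,000 rate no configuration beats switching the detector off, which is the base-rate effect the abstract refers to.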
