Performance Evaluation of Anomaly-Based Detection Mechanisms

Authors: K. M. C. Tan, R. A. Maxion

DOI:

Keywords: Artificial intelligence, Compensation (engineering), Intrusion detection system, Pattern recognition, Detector, Anomaly (physics), Correlation, Detection performance, Computer science, Space (mathematics)

Abstract: Common practice in anomaly-based intrusion detection is that one size fits all: a single anomaly detector should detect all anomalies. Compensation for any performance shortcomings is sometimes effected by resorting to correlation techniques, which could be seen as making use of diversity. Such diversity is intuitively based on the assumption of coverage by different, perhaps widely different, detectors, each covering some disparate portion of the anomaly space. Diversity, then, enhances detection by combining the coverages of individual detectors across multiple sub-regions of the anomaly space, resulting in an overall superior detector. No studies have been done, however, in which the effects of diversity have been measured. This paper explores the effects of using diverse anomaly-detection algorithms (algorithmic diversity) on detection. Experimental results indicate that while performance/coverage improvements can in fact be obtained with diverse algorithms, the gains are surprisingly not the result of large, non-overlapping regions of coverage. Rather, they occur at the edges and are heavily dependent on parameter values as well as on the characteristics of the data. As a consequence of this study, defenders are provided with detailed knowledge of how to combine detectors, how to parameterize them, under what conditions, and to what effect.
