Implications of IDS Classification on Attack Detection

Authors: Emilie Lundin, Magnus Almgren, Erland Jonsson

DOI:

Keywords: Attack model, Data mining, Computer science, Generation process, Intrusion detection system, Reference model

Abstract: Accurate taxonomies are critical for the advancement of research fields. Taxonomies of intrusion detection systems (IDSs) are not fully agreed upon, and further lack convincing motivation for their categories. We survey and summarize previously made taxonomies of intrusion detection. Focusing on categories relevant to detection methods, we extract commonly used concepts and define three new attributes: reference model type, generation process, and updating strategy. Using our framework, a range of terms can easily be explained. We study the usefulness of these attributes with two empirical evaluations. Firstly, we use the taxonomy to create a classification of existing IDSs, with a successful result, i.e. the IDSs are well scattered in the defined space. Secondly, we investigate whether we can reason about detection capability based on the method classes, as defined by the framework. We establish that different methods vary in their ability to detect specific attack types. The reference model type seems better suited than the generation process for such reasoning. However, the results are tentative due to the relatively small number of attacks.
