Title :
Statistical process control for computer intrusion detection
Author :
Ye, Nong ; Emran, Syed Masum ; Li, Xiangyang ; Chen, Qiang
Author_Institution :
Arizona State Univ., Tempe, AZ, USA
Abstract :
This paper describes the architecture of a distributed, host-based Intrusion Detection System (IDS) that we have developed at the Information and Systems Assurance Laboratory (ISA), Arizona State University (hence, ISA-IDS). ISA-IDS is developed based on statistical process control (SPC). In ISA-IDS we employ two intrusion detection techniques. One is an anomaly detection technique called Chi-square. Another is a misuse detection technique called Clustering. Each technique determines an intrusion warning (IW) level for each audit event. The IW levels from different intrusion detection techniques are then combined using a fusion technique into a composite IW level: 0 for normal, 1 for intrusive, and any value in between to signify the intrusiveness. We also present the intrusion detection performance of the Chi-square and Clustering techniques.
Keywords :
computer network management; security of data; statistical process control; supervisory programs; system monitoring; Clustering; Internet; anomaly detection; audit event; chi-square; computer intrusion detection; distributed host-based intrusion detection system; e-commerce systems; fusion technique; intrusion detection techniques; intrusion warning level; misuse detection technique; network security; statistical process control; Computer networks; Computerized monitoring; Condition monitoring; Information security; Instruction sets; Intrusion detection; Laboratories; Operating systems; Process control; Prototypes;
Conference_Title :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932187