DocumentCode :
3312578
Title :
Foundations of intrusion detection [computer security]
Author :
Helman, Paul ; Liepins, Gunar ; Richards, Wynette
Author_Institution :
Dept. of Comput. Sci., New Mexico Univ., Albuquerque, NM, USA
fYear :
1992
fDate :
16-18 Jun 1992
Firstpage :
114
Lastpage :
120
Abstract :
Computer use is modeled as a mixture of two stochastic processes, normal and misuse. Intrusion detection is formally defined as identifying those transactions generated by the misuse process. Bounds for detection performance are derived in terms of the ratios of the densities of the processes at the individual transactions. It is shown that any optimal intrusion detection system must rank transaction suspicion consistently with these ratios. Sparsity of data requires that transactions be grouped into equivalence classes that preserve the order of the true ratio ranking and reduce the number of singleton and unobserved transactions. Results are described that demonstrate that in general this 'singleton reduction' problem is NP-hard.
Keywords :
DP management; computational complexity; security of data; NP-hard; computer use; detection performance; equivalence classes; intrusion detection; optimal intrusion detection system; singleton reduction; Access control; Computer crime; Computer hacking; Computer science; Computer security; Humans; Intrusion detection; Laboratories; National security; Stochastic processes;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Foundations Workshop V, 1992. Proceedings.
Conference_Location :
Franconia, NH
Print_ISBN :
0-8186-2850-2
Type :
conf
DOI :
10.1109/CSFW.1992.236783
Filename :
236783