Title :
Theoretical basis for intrusion detection
Author :
Li, Zhuowei ; Das, Aruneema ; Zhou, Jianying
Author_Institution :
Sch. of Comput. Eng., Nanyang Technol. Univ., Jurong, Singapore
Abstract :
Intrusion detection has become an indispensable line of defense in the information security infrastructure. However, every intrusion detection approach is limited by its own problems: signature-based intrusion detection can identify known intrusions but cannot detect novel ones, while anomaly-based intrusion detection has the potential to detect all intrusions but suffers from a higher false alarm rate. For this reason, most existing intrusion detection techniques have not met the requirements for practical deployment. In this paper, the authors propose a theoretical basis for intrusion detection in order to reason about its principles and to analyze the existing problems of intrusion detection in a quantified manner. The root causes of these problems are identified as model inaccuracy and model incompleteness, as well as a lack of distinguishability in the features utilized. In addition, it is also found that static analysis (Wagner et al., 2001), with a properly selected feature vector, is a promising intrusion detection technique in principle because it can avoid the quality issue of its behavior models.
Keywords :
digital signatures; feature extraction; program diagnostics; anomaly-based intrusion detection; behavior model; feature vector; information security infrastructure; model inaccuracy; model incompleteness; signature-based intrusion detection; static analysis; Access control; Authentication; Computational efficiency; Computer applications; Face detection; Information security; Internet; Intrusion detection; Power system modeling;
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495951