A Preliminary Attempt to Apply Detection and Estimation Theory to Intrusion Detection

Research into the automated detection of computer security violations is hardly in its infancy, yet little comparison has been made with the established field of detection and estimation theory, the results of which have been found applicable to a wide range of problems in other disciplines. This paper attempts such a comparison, studying the problem of intrusion detection by the use of the introductory models of detection and estimation theory. Examples are given from current intrusion detection situations, and it is concluded that there are sufficient similarities between the fields to merit further study.
