论文信息 - Threat-model-driven runtime adaptation and evaluation of intrusion detection system

Threat-model-driven runtime adaptation and evaluation of intrusion detection system

We present a mechanism for autonomous self-adaptation of a network-based intrusion detection system (IDS). The system is composed of a set of cooperating agents, each of which is based on an existing network behavior analysis method. The self adaptation mechanism is based on the insertion of a small number of challenges, i.e. known instances of past legitimate or malicious behavior. The response of individual system components to these challenges is used to measure and eventually optimize the system performance in terms of accuracy. In this work we show how to choose the challenges in a way such that the IDS attaches more importance to the detection of attacks that cause much damage.

[1] Christos H. Papadimitriou,et al. Computational complexity , 1993 .

[2] Thomas Engel,et al. Towards Trust-Based Acquisition of Unverifiable Information , 2008, CIA.

[3] Willard Van Orman Quine,et al. A Way to Simplify Truth Functions , 1955 .

[4] Michal Pechoucek,et al. Dynamic information source selection for intrusion detection systems , 2009, AAMAS.

[5] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[6] Michal Pechoucek,et al. Trust-Based Classifier Combination for Network Anomaly Detection , 2008, CIA.