Anomaly-based intrusion detection using distributed intelligent systems

Anomaly-based intrusion detection suffers from the difficulty of controlling the rate of false alarms (false positives). What one computer may not be able to accomplish (reliable detection of new malware with a small false-positive rate), many computers networked intelligently may. This paper is a proof of concept of that idea, based on simulation with real-data analysis. It speculates on how such a set-up could be made part of a large-scale intelligent system.
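The abstract's central claim is that several networked anomaly detectors can reach a false-positive rate that no single one of them can. The following worked example is added here and is not the paper's own code or its simulation: it models the simplest form of that idea, a k-of-n vote over n detectors whose alarms are assumed to be statistically independent, and computes the ensemble's false-positive and true-positive rates analytically from per-detector rates. The per-detector rates (5% false positives, 90% detection) are constructed illustration values, not figures from the paper. The independence assumption is what makes the gain possible; detectors that share the same blind spots (same training data, same feature model) will fire together and the vote buys much less.

```python
"""k-of-n voting over independent anomaly detectors.

Added illustration of how networking several noisy detectors can drive the
ensemble false-positive rate far below that of any single detector. The
independence assumption and all rates used below are constructed, not drawn
from the paper.
"""
from math import comb


def vote_rate(p: float, n: int, k: int) -> float:
    """Probability that at least k of n independent detectors fire when each
    fires with probability p (upper tail of the Binomial(n, p) distribution).

    With p = per-detector false-positive rate this is the ensemble FPR; with
    p = per-detector detection rate it is the ensemble TPR.
    """
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    return sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i) for i in range(k, n + 1))


def majority_k(n: int) -> int:
    """Smallest k that constitutes a strict majority of n voters."""
    return n // 2 + 1


def ensemble_rates(fpr: float, tpr: float, n: int, k: int) -> tuple[float, float]:
    """Return (ensemble_fpr, ensemble_tpr) for a k-of-n rule over n detectors
    that each have false-positive rate `fpr` and detection rate `tpr`."""
    return vote_rate(fpr, n, k), vote_rate(tpr, n, k)


def sweep(fpr: float, tpr: float, sizes: tuple[int, ...]) -> dict[int, tuple[float, float]]:
    """Ensemble (FPR, TPR) under majority voting for each ensemble size.

    Odd sizes avoid ties. The table makes the trade-off visible: majority
    voting suppresses false positives geometrically while the detection rate
    stays close to 1 as long as each detector is better than a coin flip.
    """
    return {n: ensemble_rates(fpr, tpr, n, majority_k(n)) for n in sizes}


if __name__ == "__main__":
    # Constructed per-detector rates for illustration only.
    single_fpr, single_tpr = 0.05, 0.90
    print(f"{'n':>3} {'k':>3} {'ensemble FPR':>14} {'ensemble TPR':>14}")
    for n, (e_fpr, e_tpr) in sweep(single_fpr, single_tpr, (1, 3, 5, 9, 15)).items():
        print(f"{n:>3} {majority_k(n):>3} {e_fpr:>14.3e} {e_tpr:>14.6f}")
```

Reading the table top to bottom shows the effect the abstract describes: a lone detector with a 5% false-alarm rate becomes a nine-detector majority with a false-alarm rate around 3e-5 while still detecting more than 99.9% of events, and the same formula shows why the gain evaporates when k is set to 1 (any-detector-fires, where the FPR grows with n) or when the detectors are not independent.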
