Improving the efficiency of misuse detection

Citations: 0
Authors
Meier, M [1]
Schmerl, S [1]
Koenig, H [1]
Affiliation
[1] Brandenburg Tech Univ Cottbus, Dept Comp Sci, D-03013 Cottbus, Germany
Keywords
DOI
Not available
Chinese Library Classification
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
In addition to preventive mechanisms, intrusion detection systems (IDSs) are an important instrument for protecting computer systems. Most IDSs in use today implement the misuse detection approach. These systems analyze monitored events for occurrences of defined patterns (signatures) that indicate security violations. Until now, little attention has been paid to the analysis efficiency of these systems. In particular, not much work on performance optimization has been done for systems that are able to detect complex, multi-step attacks. This paper discusses the analysis techniques of IDSs in use today and introduces a couple of optimization strategies that exploit structural properties of signatures to increase analysis efficiency. A prototype implementation was used to evaluate these strategies experimentally and to compare them with currently deployed misuse detection techniques. Measurements showed that significant performance improvements can be gained by using the proposed optimization strategies. The effects of each optimization strategy on analysis efficiency are discussed in detail.
Pages: 188-205
Page count: 18