A diagnosis based intrusion detection approach

Conner Jackson, Karl Levitt, Jeff Rowe, Srikanth Krishnamurthy, Trent Jaeger, Ananthram Swami

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We describe preliminary work on a novel detection approach, which we call diagnosis-enabled intrusion detection (DEID), which takes a stream of evidence from multiple sources, aggregates the evidence and uses it to arrive at the best explanation for the observed activity. This approach requires the solution of four key scientific challenges: (i) a theory and algorithms for monitor placement that covers all system layers to prevent attackers from evading detection even when launching zero-day attacks; (ii) evidence collection for producing useful aggregated evidence from system actions in real-time without adversely affecting the mission; (iii) a theory of diagnosis detection for filtering and correlating evidence to test hypotheses regarding mission impact, producing both diagnoses and explanations of their causes; and (iv) diagnosis presentation for conveying explanations to domain experts to produce new knowledge to act on previously-unknown attacks effectively and to respond effectively to identified attacks that preserve mission requirements.

Original languageEnglish (US)
Title of host publication2015 IEEE Military Communications Conference, MILCOM 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781509000739
StatePublished - Dec 14 2015
Event34th Annual IEEE Military Communications Conference, MILCOM 2015 - Tampa, United States
Duration: Oct 26 2015Oct 28 2015

Publication series

NameProceedings - IEEE Military Communications Conference MILCOM


Other34th Annual IEEE Military Communications Conference, MILCOM 2015
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering


Dive into the research topics of 'A diagnosis based intrusion detection approach'. Together they form a unique fingerprint.

Cite this