Abstract
Two main approaches for network intrusion detection are misuse detection [6] and anomaly detection [11]. The limitation of the misuse approach is that it cannot effectively detect new patterns of intrusions that are not precisely encoded in the system [11]. The anomaly detection approach usually produces a large number of false alarms [1, 7]. In addition, anomaly detection requires intensive computations on a large amount of training data to characterize normal behavior patterns. In this paper, we try to apply interval technology to enhance network intrusion detection systems (IDS). By storing network state data in an interval-valued bi-temporal database, we better sample the stream of network states. We represent the likelihood of intrusions associated with an m × n interval-valued rule matrix that can be obtained from the database with relatively low computational complexity. By grouping nearby patterns with intervals, we may significantly reduce false alarms. The O(n) computational cost of maintaining the rules makes it possible to integrate the IDS with network management systems for almost real-time automatic network control. Our probabilistic approach with the rule matrix model can be further applied to study the pattern evolution of network intrusions.
Original language | English (US) |
---|---|
Pages | 1444-1448 |
Number of pages | 5 |
State | Published - 2005 |
Event | 20th Annual ACM Symposium on Applied Computing - Santa Fe, NM, United States; Duration: Mar 13 2005 → Mar 17 2005 |
All Science Journal Classification (ASJC) codes
- Software