A risk-sensitive intrusion detection model

Authors:
Hai Jin;Jianhua Sun;Hao Chen;Zongfen Han
Affiliations:
Internet and Cluster Computing Center, Huazhong University of Science and Technology, Wuhan, China;Internet and Cluster Computing Center, Huazhong University of Science and Technology, Wuhan, China;Internet and Cluster Computing Center, Huazhong University of Science and Technology, Wuhan, China;Internet and Cluster Computing Center, Huazhong University of Science and Technology, Wuhan, China
Venue:
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Year:
2002

Citing 14
Cited 0

Computer immunology

Communications of the ACM
Temporal sequence learning and data reduction for anomaly detection

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
Toward cost-sensitive modeling for intrusion detection and response

Journal of Computer Security
Anomaly Detection over Noisy Data using Learned Probability Distributions

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
A New Intrusion Detection Method based on Process Profiling

SAINT '02 Proceedings of the 2002 Symposium on Applications and the Internet
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Evaluation of Intrusion Detectors: A Decision Theory Approach

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A study in using neural networks for anomaly and misuse detection

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls

Journal of Computer Security
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Detecting and displaying novel computer attacks with Macroscope

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection systems (IDSs) must meet the security goals while minimizing risks of wrong detections. In this paper, we study the issue of building a risk-sensitive intrusion detection model. To determinate whether a system calls sequence is normal or not, we consider not only the probability of this sequence belonging to normal sequences set or intrusion sequences set, but also the risk of a false detection. We define the risk model to formulate the expected risk of an intrusion detection decision, and present risk-sensitive machine learning techniques that can produce detection model to minimize the risks of false negatives and false positives. Meanwhile, this model is a hybrid model that combines misuse intrusion detection and anomaly intrusion detection. To achieve a satisfying performance, some techniques are applied to extend this model.