Communications of the ACM
Temporal sequence learning and data reduction for anomaly detection
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Anomaly Detection over Noisy Data using Learned Probability Distributions
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
A New Intrusion Detection Method based on Process Profiling
SAINT '02 Proceedings of the 2002 Symposium on Applications and the Internet
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Evaluation of Intrusion Detectors: A Decision Theory Approach
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
Probabilistic techniques for intrusion detection based on computer audit data
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Detecting and displaying novel computer attacks with Macroscope
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Hi-index | 0.00 |
Intrusion detection systems (IDSs) must meet the security goals while minimizing risks of wrong detections. In this paper, we study the issue of building a risk-sensitive intrusion detection model. To determinate whether a system calls sequence is normal or not, we consider not only the probability of this sequence belonging to normal sequences set or intrusion sequences set, but also the risk of a false detection. We define the risk model to formulate the expected risk of an intrusion detection decision, and present risk-sensitive machine learning techniques that can produce detection model to minimize the risks of false negatives and false positives. Meanwhile, this model is a hybrid model that combines misuse intrusion detection and anomaly intrusion detection. To achieve a satisfying performance, some techniques are applied to extend this model.