Towards an information-theoretic framework for analyzing intrusion detection systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
| Hi-index | 0.00 |
Intrusion detection technologies have well-known shortcomings, such as a very high false alarm rate and the ability to detect only a limited class of attacks on a limited set of system components. Specialized attack types on unique system components cannot be detected, and neither can application-specific attacks. Even generic attacks on operating systems and networks cannot be reliably detected. Moreover, today's technology does only poorly at detecting new attack types, whereas much effort goes into developing signatures indicative of known attacks.