{"title":"Integrating network misuse and anomaly prevention","authors":"Y.K. Penva, P. G. Bringas","doi":"10.1109/INDIN.2008.4618168","DOIUrl":null,"url":null,"abstract":"Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybrids misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attacks, known and unknown. Finally, we evaluate ESIDE-Depian against all kind of menaces to prove in which degree it has been achieved to integrate both approaches.","PeriodicalId":112553,"journal":{"name":"2008 6th IEEE International Conference on Industrial Informatics","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Integrating network misuse and anomaly prevention\",\"authors\":\"Y.K. Penva, P. G. Bringas\",\"doi\":\"10.1109/INDIN.2008.4618168\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). 
Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybrids misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attacks, known and unknown. Finally, we evaluate ESIDE-Depian against all kind of menaces to prove in which degree it has been achieved to integrate both approaches.\",\"PeriodicalId\":112553,\"journal\":{\"name\":\"2008 6th IEEE International Conference on Industrial Informatics\",\"volume\":\"76 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 6th IEEE International Conference on Industrial Informatics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INDIN.2008.4618168\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 6th IEEE International Conference on Industrial Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN.2008.4618168","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybrids misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attack, known and unknown. Finally, we evaluate ESIDE-Depian against all kinds of menaces to prove in which degree it has been achieved to integrate both approaches.