Loss-sensitive decision rules for intrusion detection and response.
Record Type: Electronic resources : Monograph/item
Title/Author: Loss-sensitive decision rules for intrusion detection and response.
Author: Wang, Jia.
Description: 178 p.
Notes: Source: Dissertation Abstracts International, Volume: 65-06, Section: B, page: 3010.
Contained By: Dissertation Abstracts International 65-06B.
Subject: Computer Science.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3138087
ISBN: 0496852574
Thesis (Ph.D.)--University of Pennsylvania, 2004.
ISBN: 0496852574
Subjects--Topical Terms: 626642 Computer Science.
LDR :03733nmm 2200313 4500
001 1844578
005 20051017073524.5
008 130614s2004 eng d
020 $a 0496852574
035 $a (UnM)AAI3138087
035 $a AAI3138087
040 $a UnM $c UnM
100 1 $a Wang, Jia. $3 1286108
245 1 0 $a Loss-sensitive decision rules for intrusion detection and response.
300 $a 178 p.
500 $a Source: Dissertation Abstracts International, Volume: 65-06, Section: B, page: 3010.
500 $a Supervisors: Insup Lee; Linda Zhao.
502 $a Thesis (Ph.D.)--University of Pennsylvania, 2004.
520 $a When large numbers of alerts are reported by intrusion detection (ID) systems in very fine granularity, it prevents system administrators from handling the alerts effectively. This in turn degrades the usability of an intrusion detection system. Aside from detection, timely responses of intrusions are also critical to lower the risks brought by online attacks.
520 $a The goal of the dissertation is to improve alert accuracy and to develop decision rules for alert response while minimizing risks brought by online attacks. The dissertation mainly consists of three parts: (1) We propose a general scheme based on supervised machine learning techniques that can be used to estimate the posterior probability of alerts, as required by decision rule methodology. In addition, the scheme brings alert information from disparate sources together to achieve higher accuracy. Although we only focus on combining misuse and anomaly alert information from ID systems in our study, it should not be difficult to extend the scheme to include alerts from other security devices, firewalls, VPNs or auditing tools. The scheme also makes anomaly ID systems more useful by providing contextual information to anomaly alerts to lower the cost of alert handling. (2) We define loss in each attack category through user-specific asset value levels of the target systems on the aspects of confidentiality, integrity and availability together with the attack impact levels on the same three aspects. Based on the definition of loss functions and the estimation of posterior probability, we present the decision rule methodology for alert response to minimize the risks brought by online attacks. Since there is no way to eliminate false positives completely, decision rules help us to cope with them by taking the responsive action with minimal risk. (3) To evaluate the effectiveness of the proposed scheme, we carry out experiments using realistic attack traces. Since there are no widely available attack traces with good attack coverage and adequate numbers of attack instances, we generate realistic attack traces through the selection of typical attacks and the design of attack scenarios that reflect the real world. A representative combination of attacks is selected according to their typical attacking methods and the frequencies of their presence on the Internet. Outside experts with intensive hacking knowledge were invited to define hackers' behavior in the 5 days' simulation period based on empirical analysis of hacker personalities. The overall attack scenario consists of multiple interleaved simultaneous hacking activities. The result of our data analysis demonstrates the decision rule methodology and shows how accuracy of alerts is improved by combining disparate alerts.
590 $a School code: 0175.
650 4 $a Computer Science. $3 626642
650 4 $a Statistics. $3 517247
650 4 $a Artificial Intelligence. $3 769149
690 $a 0984
690 $a 0463
690 $a 0800
710 2 0 $a University of Pennsylvania. $3 1017401
773 0 $t Dissertation Abstracts International $g 65-06B.
790 1 0 $a Lee, Insup, $e advisor
790 1 0 $a Zhao, Linda, $e advisor
790 $a 0175
791 $a Ph.D.
792 $a 2004
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3138087
Items
Inventory Number: W9194092
Location Name: Electronic resources
Item Class: 11.Online viewing_V
Material type: E-book
Call number: EB
Usage Class: General use (Normal)
Loan Status: On shelf
No. of reservations: 0