
Attack-class-based analysis of intrusion detection systems

Designers of intrusion detection systems are often faced with the problem that their design fails to meet the specification because the actual implementation is not able to detect attacks as required. This work aims at addressing such shortcomings at an early stage of the design process. The proposed method provides guidance to intrusion detection systems designers by predicting whether or not a given design will be able to detect certain classes of attacks. Our method achieves this by introducing a classification of attacks and a description framework for intrusion detection systems. The attack classification and the description framework are defined at a common level of abstraction, and thereby form the basis for our analysis method which determines the attack classes that a given intrusion detection system design can detect. Intrusion detection system designers can use these results to determine where the design meets the specification and where it does not. These insights facilitate a more systematic and effective design process because they can be gained at an early stage of the design process without the need of actually implementing the design. Finally, we show how our approach to intrusion detection system design analysis can be validated and how the analysis results can be used for further applications such as guiding the design of intrusion detection architectures that combine diverse intrusion detection systems.

Identifier: oai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:402148
Date: January 2004
Creators: Alessandri, Dominique
Publisher: University of Newcastle Upon Tyne
Source Sets: Ethos UK
Detected Language: English
Type: Electronic Thesis or Dissertation
Source: http://hdl.handle.net/10443/2094
