Threat-model-driven runtime adaptation and evaluation of intrusion detection system
Proceedings of the 6th international conference on Autonomic computing, 2009•dl.acm.org
We present a mechanism for autonomous self-adaptation of a network-based intrusion
detection system (IDS). The system is composed of a set of cooperating agents, each of
which is based on an existing network behavior analysis method. The self adaptation
mechanism is based on the insertion of a small number of challenges, ie known instances of
past legitimate or malicious behavior. The response of individual system components to
these challenges is used to measure and eventually optimize the system performance in …
detection system (IDS). The system is composed of a set of cooperating agents, each of
which is based on an existing network behavior analysis method. The self adaptation
mechanism is based on the insertion of a small number of challenges, ie known instances of
past legitimate or malicious behavior. The response of individual system components to
these challenges is used to measure and eventually optimize the system performance in …
We present a mechanism for autonomous self-adaptation of a network-based intrusion detection system (IDS). The system is composed of a set of cooperating agents, each of which is based on an existing network behavior analysis method. The self adaptation mechanism is based on the insertion of a small number of challenges, i.e. known instances of past legitimate or malicious behavior. The response of individual system components to these challenges is used to measure and eventually optimize the system performance in terms of accuracy. In this work we show how to choose the challenges in a way such that the IDS attaches more importance to the detection of attacks that cause much damage.
ACM Digital Library以上显示的是最相近的搜索结果。 查看全部搜索结果