CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Implications of IDS Classification on Attack Detection

Consolidation and Evaluation of IDS Taxonomies

Magnus Almgren (Institutionen för datorteknik, Datasäkerhet) ; Emilie Lundin (Institutionen för datorteknik, Datasäkerhet) ; Erland Jonsson (Institutionen för datorteknik, Datasäkerhet)
Nordic Workshop on Secure IT Systems (NordSec) p. 57--70. (2003)
[Konferensbidrag, refereegranskat]

Accurate taxonomies are critical for the advancement of research fields. Taxonomies for intrusion detection systems (IDSs) are not fully agreed upon, and further lack convincing motivation of their categories. We survey and summarize previously made taxonomies for intrusion detection. Focusing on categories relevant for detection methods, we extract commonly used concepts and define three new attributes: the reference model type, the reference model generation process, and the reference model updating strategy. Using our framework, the range of previously used terms can easily be explained. We study the usefulness of these attributes with two empirical evaluations. Firstly, we use the taxonomy to create a survey of existing research IDSs, with a successful result, i.e. the IDSs are well scattered in the defined space. Secondly, we investigate whether we can reason about the detection capability based on detection method classes, as defined by our framework. We establish that different detection methods vary in their capability to detect specific attack types. The reference model type seems better suited than reference model generation process for such reasoning. However, our results are tentative and based on a relatively small number of attacks.

Nyckelord: intrusion detection, taxonomy, classification, detection methods

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2006-09-12. Senast ändrad 2015-02-26.
CPL Pubid: 2347


Läs direkt!

Lokal fulltext (fritt tillgänglig)

Institutioner (Chalmers)

Institutionen för datorteknik, Datasäkerhet (2002-2004)


Informations- och kommunikationsteknik
Information Technology

Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:

Intrusion Detection and Protection of Application Servers

Techniques for Improving Intrusion Detection