Theorem-based, data-driven, cyber event detection. Hively, L.; McDonald, J. CSIIRW 2013 (Proceedings of the 8th Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, Jan 8-10, 2013), 1-4, 2013. Type: Proceedings
The design of intrusion detection systems remains a viable area of research, despite their existing positive effects on cyberspace protection in the literature [1,2,3]. Phase-space analysis techniques have been successful in sensing peculiar situations in cardiovascular signals [4], alerting patients to impending epileptic seizures, and detecting the potential failure of the rotor gearbox of helicopters. But can phase-space methods be used with noisy data timing in computers to dynamically uncover anomalous activities in cyberspace? This paper discusses the authors’ intention to investigate whether data from computers, such as changes in levels or rates of alternating and direct power, central processing unit (CPU) speed, disk drive and memory accesses, or network interface and graphics card activity, could be used to model normal operating failures in network systems. They conjecture that the profiles of noninvasive sensors might be predictors of failure in computers and may consequently reveal anomalous software execution. The authors propose combining the well-known theories of dynamical systems and time series analysis [4] to isolate false-positive and false-negative computer intrusion detections, to better alert network administrators. They convincingly detail the phase-space algorithms already used to successfully warn of impending seizures and failures in helicopters. However, the proposed research is apparently still in its infancy, given that the authors do not provide any concrete results of the relevance of phase-space study to cyberspace anomaly detection. Nevertheless, cyberspace security researchers ought to read this interesting paper and weigh in on the relevance of the theories of dynamical systems and time series analysis to the defense of Internet networks.
Reviewer: Amos Olagunju
Review #: CR141494 (1312-1139)
1) Bass, T. Intrusion detection systems and multisensor data fusion. Communications of the ACM 43, 4 (2000), 99–105.

2) Ryu, Y. U.; Rhee, H.-S. Improving intrusion prevention models: dual-threshold and dual-filter approaches. INFORMS Journal on Computing 20 (2008), 356–367.

3) Zhang, Z.; Shen, H. M-AID: an adaptive middleware built upon anomaly detectors for intrusion detection and rational response. ACM Transactions on Autonomous and Adaptive Systems 4, 4 (2009), 1–35.

4) Dutt, D. N.; Krishnan, S. M. Application of phase space technique to the analysis of cardiovascular signals. In Proc. of the 1st Joint BMES/EMBS Conference Serving Humanity, Advancing Technology (Atlanta, GA), IEEE, 1999, 914.