DocumentCode
3712782
Title
A diagnosis based intrusion detection approach
Author
Conner Jackson;Karl Levitt;Jeff Rowe;Srikanth Krishnamurthy;Trent Jaeger;Ananthram Swami
Author_Institution
Dept. of Computer Science, University of California Davis, USA
fYear
2015
Firstpage
929
Lastpage
934
Abstract
We describe preliminary work on a novel detection approach, which we call diagnosis-enabled intrusion detection (DEID), which takes a stream of evidence from multiple sources, aggregates the evidence and uses it to arrive at the “best” explanation for the observed activity. This approach requires the solution of four key scientific challenges: (i) a theory and algorithms for monitor placement that covers all system layers to prevent attackers from evading detection even when launching zero-day attacks; (ii) evidence collection for producing useful aggregated evidence from system actions in real-time without adversely affecting the mission; (iii) a theory of diagnosis detection for filtering and correlating evidence to test hypotheses regarding mission impact, producing both diagnoses and explanations of their causes; and (iv) diagnosis presentation for conveying explanations to domain experts to produce new knowledge to act on previously-unknown attacks effectively and to respond effectively to identified attacks that preserve mission requirements.
Keywords
"Diseases","Intrusion detection","Surveillance","Computer security","Computer science"
Publisher
ieee
Conference_Titel
Military Communications Conference, MILCOM 2015 - 2015 IEEE
Type
conf
DOI
10.1109/MILCOM.2015.7357564
Filename
7357564
Link To Document