Loss-sensitive decision rules for intrusion detection and response.
Record type: Bibliographic - electronic resource : Monograph/item
Title: Loss-sensitive decision rules for intrusion detection and response.
Author: Wang, Jia.
Extent: 178 p.
Note: Source: Dissertation Abstracts International, Volume: 65-06, Section: B, page: 3010.
Contained By: Dissertation Abstracts International 65-06B.
Subject: Computer Science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3138087
ISBN: 0496852574
Thesis (Ph.D.)--University of Pennsylvania, 2004.
When large numbers of alerts are reported by intrusion detection (ID) systems in very fine granularity, it prevents system administrators from handling the alerts effectively. This in turn degrades the usability of an intrusion detection system. Aside from detection, timely responses of intrusions are also critical to lower the risks brought by online attacks.
LDR :03733nmm 2200313 4500
001 1844578
005 20051017073524.5
008 130614s2004 eng d
020 $a 0496852574
035 $a (UnM)AAI3138087
035 $a AAI3138087
040 $a UnM $c UnM
100 1 $a Wang, Jia. $3 1286108
245 1 0 $a Loss-sensitive decision rules for intrusion detection and response.
300 $a 178 p.
500 $a Source: Dissertation Abstracts International, Volume: 65-06, Section: B, page: 3010.
500 $a Supervisors: Insup Lee; Linda Zhao.
502 $a Thesis (Ph.D.)--University of Pennsylvania, 2004.
520 $a When large numbers of alerts are reported by intrusion detection (ID) systems in very fine granularity, it prevents system administrators from handling the alerts effectively. This in turn degrades the usability of an intrusion detection system. Aside from detection, timely responses of intrusions are also critical to lower the risks brought by online attacks.
520 $a The goal of the dissertation is to improve alert accuracy and to develop decision rules for alert response while minimizing risks brought by online attacks. The dissertation mainly consists of three parts: (1) We propose a general scheme based on supervised machine learning techniques that can be used to estimate the posterior probability of alerts, as required by decision rule methodology. In addition, the scheme brings alert information from disparate sources together to achieve higher accuracy. Although we only focus on combining misuse and anomaly alert information from ID systems in our study, it should not be difficult to extend the scheme to include alerts from other security devices, firewalls, VPNs or auditing tools. The scheme also makes anomaly ID systems more useful by providing contextual information to anomaly alerts to lower the cost of alert handling. (2) We define loss in each attack category through user-specific asset value levels of the target systems on the aspects of confidentiality, integrity and availability together with the attack impact levels on the same three aspects. Based on the definition of loss functions and the estimation of posterior probability, we present the decision rule methodology for alert response to minimize the risks brought by online attacks. Since there is no way to eliminate false positives completely, decision rules help us to cope with them by taking the responsive action with minimal risk. (3) To evaluate the effectiveness of the proposed scheme, we carry out experiments using realistic attack traces. Since there are no widely available attack traces with good attack coverage and adequate numbers of attack instances, we generate realistic attack traces through the selection of typical attacks and the design of attack scenarios that reflect the real world. A representative combination of attacks is selected according to their typical attacking methods and the frequencies of their presence on the Internet. Outside experts with intensive hacking knowledge were invited to define hackers' behavior in the 5 days' simulation period based on empirical analysis of hacker personalities. The overall attack scenario consists of multiple interleaved simultaneous hacking activities. The result of our data analysis demonstrates the decision rule methodology and shows how accuracy of alerts is improved by combining disparate alerts.
590 $a School code: 0175.
650 4 $a Computer Science. $3 626642
650 4 $a Statistics. $3 517247
650 4 $a Artificial Intelligence. $3 769149
690 $a 0984
690 $a 0463
690 $a 0800
710 2 0 $a University of Pennsylvania. $3 1017401
773 0 $t Dissertation Abstracts International $g 65-06B.
790 1 0 $a Lee, Insup, $e advisor
790 1 0 $a Zhao, Linda, $e advisor
790 $a 0175
791 $a Ph.D.
792 $a 2004
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3138087
Holdings (1 item):
Barcode: W9194092
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Use type: Normal
Loan status: On shelf
Reservation status: 0