Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study

被引：1

作者：

Ficke, Eric ^{[1
]}

Schweitzer, Kristin M. ^{[2
]}

Bateman, Raymond M. ^{[2
]}

Xu, Shouhuai ^{[1
]}

机构：

[1] Univ Texas San Antonio, Dept Comp Sci, San Antonio, TX 78249 USA

[2] US Army Res Lab South Cyber, Aberdeen Proving Ground, MD USA

来源：

MILCOM 2019 - 2019 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM) | 2019年

基金：

美国国家科学基金会;

关键词：

Intrusion Detection; Intrusion Detection Systems; Root Cause Analysis; False Negatives; Snort; Suricata; Flow-based Intrusion Detection;

D O I：

10.1109/milcom47813.2019.9020860

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Intrusion Detection Systems (IDSs) are a necessary cyber defense mechanism. Unfortunately, their capability has fallen behind that of attackers. This motivates us to improve our understanding of the root causes of their false-negatives. In this paper we make a first step towards the ultimate goal of drawing useful insights and principles that can guide the design of next-generation IDSs. Specifically, we propose a methodology for analyzing the root causes of IDS false-negatives and conduct a case study based on Snort and a real-world dataset of cyber attacks. The case study allows us to draw useful insights.

引用

页数：6

共 50 条

[1] DETECTION OF FALSE-NEGATIVES IN COLIFORM TESTING OF MARINE AND ELEVATED-TEMPERATURE WATER SAMPLES
OLSON, BH
MADDOCKS, N
PRATTE, J
JOURNAL OF APPLIED BACTERIOLOGY, 1976, 41 (03): : R14 - R14
[2] Component processes of detection probability in camera-trap studies: understanding the occurrence of false-negatives
Melanie A. Findlay
Robert A. Briers
Patrick J. C. White
Mammal Research, 2020, 65 : 167 - 180
[3] Component processes of detection probability in camera-trap studies: understanding the occurrence of false-negatives
Findlay, Melanie A.
Briers, Robert A.
White, Patrick J. C.
MAMMAL RESEARCH, 2020, 65 (02) : 167 - 180
[4] Reducing False Negatives in Intelligent Intrusion Detection Decision Response System
Kai HongMei
Liu XiaoJie
Liu YaFei
Zhou Lin
MEASURING TECHNOLOGY AND MECHATRONICS AUTOMATION IV, PTS 1 AND 2, 2012, 128-129 : 676 - +
[5] False negatives in glaucoma case-detection.
Murdock, IE
Theodossiades, J
Ieong, A
Gauld, T
INVESTIGATIVE OPHTHALMOLOGY & VISUAL SCIENCE, 2001, 42 (04) : S155 - S155
[6] Analysis of false-negatives in exfoliative cytology in oral potentially malignant disorders: A retrospective cohort study
Ishii, Shigeru
Sakaguchi, Wakako
Sugai, Masafune
Nagumo, Tatsuhito
Koeda, Satoko
Ozawa, Manami
Kitamura, Toru
Yamamura, Makiko
Akiyama, Hiroki
Tsukinoki, Keiichi
Nakamura, Atsushi
JOURNAL OF STOMATOLOGY ORAL AND MAXILLOFACIAL SURGERY, 2022, 123 (05) : E390 - E395
[7] Environmental Awareness Intrusion Detection and Prevention System toward reducing False Positives and False Negatives
Sourour, Meharouech
Adel, Bouhoula
Tarek, Abbes
IEEE SYMPOSIUM ON COMPUTATIONAL INTELLIGENCE IN CYBER SECURITY, 2009, : 107 - 114
[8] Statistical Analysis of False Positives and False Negatives from Real Traffic with Intrusion Detection/Prevention Systems
Ho, Cheng-Yuan
Lai, Yuan-Cheng
Chen, I-Wei
Wang, Fu-Yu
Tai, Wei-Hsuan
IEEE COMMUNICATIONS MAGAZINE, 2012, 50 (03) : 146 - 154
[9] Creditability-based weighted voting for reducing false positives and negatives in intrusion detection
Lin, Ying-Dar
Lai, Yuan-Cheng
Ho, Cheng-Yuan
Tai, Wei-Hsuan
COMPUTERS & SECURITY, 2013, 39 : 460 - 474
[10] INCREASES IN VOLTAGE MAY PRODUCE FALSE-NEGATIVES WHEN USING TRANSCRANIAL MOTOR EVOKED POTENTIALS TO DETECT AN ISOLATED NERVE ROOT INJURY
Lyon, Russ
Gibson, Anthony
Burch, Shane
Lieberman, Jeremy
JOURNAL OF CLINICAL MONITORING AND COMPUTING, 2010, 24 (06) : 441 - 448

← 1 2 3 4 5 →