Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study

Cited by: 1
Authors
Ficke, Eric [1 ]
Schweitzer, Kristin M. [2 ]
Bateman, Raymond M. [2 ]
Xu, Shouhuai [1 ]
Affiliations
[1] Univ Texas San Antonio, Dept Comp Sci, San Antonio, TX 78249 USA
[2] US Army Res Lab South Cyber, Aberdeen Proving Ground, MD USA
Source
MILCOM 2019 - 2019 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM) | 2019
Funding
US National Science Foundation;
Keywords
Intrusion Detection; Intrusion Detection Systems; Root Cause Analysis; False Negatives; Snort; Suricata; Flow-based Intrusion Detection;
DOI
10.1109/milcom47813.2019.9020860
CLC number
TP301 [Theory, methods];
Discipline code
081202;
Abstract
Intrusion Detection Systems (IDSs) are a necessary cyber defense mechanism. Unfortunately, their capability has fallen behind that of attackers. This motivates us to improve our understanding of the root causes of their false negatives. In this paper we make a first step towards the ultimate goal of drawing useful insights and principles that can guide the design of next-generation IDSs. Specifically, we propose a methodology for analyzing the root causes of IDS false negatives and conduct a case study based on Snort and a real-world dataset of cyber attacks. The case study allows us to draw useful insights.
Pages: 6
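The abstract states that the case study identifies Snort false negatives against a labelled attack dataset, but gives no detail of how alerts were matched to attacks. The block below is an added illustration of the first step any such analysis needs, enumerating which ground-truth attacks produced no alert; it is not the paper's methodology. Its Snort alert_fast lines, the attack records, the host addresses, the assumed year for the year-less alert_fast timestamps, and the 30-second matching tolerance are all constructed for the example.

```python
"""Added illustration: matching Snort alert_fast output against a ground-truth
attack list to enumerate false negatives. Not the paper's methodology; all log
lines and attack records below are constructed for the example."""
import re
from datetime import datetime, timedelta

# One alert_fast line per alert, e.g.
# 08/15-13:42:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: ...] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
YEAR = 2019  # alert_fast timestamps carry no year; assumed for the example


def parse_alert(line):
    """Return a dict for an alert_fast line, or None for non-alert output."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "time": ts, "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
        "src": m["src"], "dst": m["dst"],
        "dport": int(m["dport"]) if m["dport"] else None,  # None for ICMP
    }


def alert_covers(alert, attack, tolerance):
    """True if the alert involves the attack's two hosts, same protocol, and
    fires within the attack's time window (plus tolerance). The host check is
    direction-agnostic: a rule may fire on the victim's response packet."""
    if {alert["src"], alert["dst"]} != {attack["attacker"], attack["victim"]}:
        return False
    if alert["proto"] != attack["proto"]:
        return False
    return attack["start"] - tolerance <= alert["time"] <= attack["end"] + tolerance


def find_false_negatives(alert_lines, attacks, tolerance=timedelta(seconds=30)):
    """Split attacks into (detected, missed); each entry is (attack, alerts)."""
    alerts = [a for a in map(parse_alert, alert_lines) if a]
    detected, missed = [], []
    for atk in attacks:
        hits = [a for a in alerts if alert_covers(a, atk, tolerance)]
        (detected if hits else missed).append((atk, hits))
    return detected, missed


def _atk(aid, label, proto, attacker, victim, dport, start, end):
    return {"id": aid, "label": label, "proto": proto, "attacker": attacker,
            "victim": victim, "dport": dport,
            "start": datetime(YEAR, 8, 15, *start), "end": datetime(YEAR, 8, 15, *end)}


# Constructed ground truth (what a labelled dataset would provide).
ATTACKS = [
    _atk("A1", "web shell upload", "TCP", "192.168.1.10", "10.0.0.5", 80, (13, 42, 0), (13, 43, 0)),
    _atk("A2", "ICMP sweep", "ICMP", "192.168.1.10", "10.0.0.7", None, (14, 4, 50), (14, 5, 20)),
    _atk("A3", "SSH brute force", "TCP", "192.168.1.10", "10.0.0.9", 22, (15, 0, 0), (15, 10, 0)),
    _atk("A4", "DNS tunnelling", "UDP", "192.168.1.10", "10.0.0.3", 53, (16, 0, 0), (16, 30, 0)),
]

# Constructed alert_fast output. The last DNS alert is on the right hosts but an
# hour after A4 ended, so it must not be credited to A4.
ALERT_LINES = [
    "08/15-13:42:11.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234",
    "08/15-14:05:02.000100  [**] [1:1000001:1] LOCAL ICMP sweep [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 10.0.0.7",
    "Commencing packet processing (pid=4242)",
    "08/15-17:30:45.500000  [**] [1:1000002:1] LOCAL long DNS TXT query [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.1.10:53333 -> 10.0.0.3:53",
]


if __name__ == "__main__":
    detected, missed = find_false_negatives(ALERT_LINES, ATTACKS)
    print(f"detected {len(detected)}/{len(ATTACKS)}")
    for atk, _ in missed:
        print(f"false negative: {atk['id']} {atk['label']} {atk['proto']}/{atk['dport']} "
              f"{atk['attacker']} -> {atk['victim']}")
```

Two choices matter for the quality of the false-negative list. Matching on the unordered host pair rather than on attacker-to-victim direction avoids wrongly counting as missed an attack whose only rule hit is on the response packet (the constructed A1 alert is such a case). Bounding the match in time is equally important: without the window, the late DNS alert would be credited to A4 and a genuine miss would disappear from the list before any root-cause work begins.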