Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study

Cited by: 1
Authors
Ficke, Eric [1]
Schweitzer, Kristin M. [2 ]
Bateman, Raymond M. [2 ]
Xu, Shouhuai [1 ]
Affiliations
[1] Univ Texas San Antonio, Dept Comp Sci, San Antonio, TX 78249 USA
[2] US Army Res Lab South Cyber, Aberdeen Proving Ground, MD USA
Source
MILCOM 2019 - 2019 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM) | 2019
Funding
US National Science Foundation
Keywords
Intrusion Detection; Intrusion Detection Systems; Root Cause Analysis; False Negatives; Snort; Suricata; Flow-based Intrusion Detection;
DOI
10.1109/milcom47813.2019.9020860
Chinese Library Classification
TP301 [Theory, Methods]
Discipline Classification Code
081202
Abstract
Intrusion Detection Systems (IDSs) are a necessary cyber defense mechanism. Unfortunately, their capability has fallen behind that of attackers. This motivates us to improve our understanding of the root causes of their false-negatives. In this paper we make a first step towards the ultimate goal of drawing useful insights and principles that can guide the design of next-generation IDSs. Specifically, we propose a methodology for analyzing the root causes of IDS false-negatives and conduct a case study based on Snort and a real-world dataset of cyber attacks. The case study allows us to draw useful insights.
Pages: 6
Related papers
50 in total
  • [31] Case study: Visualization and information retrieval techniques for network intrusion detection
    Atkison, T
    Pensy, K
    Nicholas, C
    Ebert, D
    Atkison, R
    Morris, C
    DATA VISUALIZATION 2001, 2001, : 283 - +
  • [32] Rooting out the root causes of order fulfilment errors: a multiple case study
    Helm, Max
    Malikova, Alexandra
    Kembro, Joakim
    INTERNATIONAL JOURNAL OF PRODUCTION RESEARCH, 2024, 62 (11) : 3853 - 3871
  • [33] Root causes analysis for improved containment integrity in LPG storage: A case study
    Chakhrit, Ammar
    Guedri, Abdelmoumene
    Guetarni, Islam H. M.
    Bougofa, Mohammed
    Bouafia, Abderraouf
    Chennoufi, Mohammed
    Djelamda, Imene
    PROCESS SAFETY PROGRESS, 2025, 44 (01) : 104 - 113
  • [34] Experimental analysis of the root causes of performance evaluation results: A backfilling case study
    Feitelson, DG
    IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2005, 16 (02) : 175 - 182
  • [35] Statistical techniques for analyzing of soil vapor intrusion data: A case study of manufactured gas plant sites
    Singh, Anshuman
    Neuhauser, Edward F.
    Azzolina, Nicholas A.
    Distler, Mark
    Anders, Krista M.
    Doroski, Melissa A.
    Rabideau, Alan J.
    JOURNAL OF THE AIR & WASTE MANAGEMENT ASSOCIATION, 2013, 63 (02) : 219 - 229
  • [36] What causes reticence in publicly correcting false information online? A case study from the Philippines
    Asprer, Jessica
    Escalante, Eleanor Marie
    Opiniano, Jeremaiah
    ROMANIAN JOURNAL OF COMMUNICATION AND PUBLIC RELATIONS, 2024, 26 (02): : 57 - 75
  • [37] Abnormal wind speed detection and prediction: methodology and case study
    Yuting Yang
    Cong Zhang
    Kin-Man Lam
    Xin Sun
    Yu Xue
    Intelligent Marine Technology and Systems, 3 (1):
  • [38] Multi-Agent Reinforcement Learning for Intrusion Detection: A Case Study and Evaluation
    Servin, Arturo
    Kudenko, Daniel
    MULTIAGENT SYSTEM TECHNOLOGIES, PROCEEDINGS, 2008, 5244 : 159 - 170
  • [39] Multi-Agent Reinforcement Learning for Intrusion Detection: A case study and evaluation
    Servin, Arturo
    Kudenko, Daniel
    ECAI 2008, PROCEEDINGS, 2008, 178 : 873 - +
  • [40] Intrusion detection system resiliency to byzantine attacks: The case study of wormholes in OLSR
    Baras, John S.
    Radosavac, Svetlana
    Theodorakopoulos, George
    Sterne, Dan
    Budulas, Peter
    Gopaul, Richard
    2007 IEEE MILITARY COMMUNICATIONS CONFERENCE, VOLS 1-8, 2007, : 3471 - +