Novelty-Aware Attack Recognition – Intrusion Detection with Organic Computing Techniques

  • Dominik Fisch
  • Ferdinand Kastl
  • Bernhard Sick
Conference paper

DOI: 10.1007/978-3-642-15234-4_24

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 329)
Cite this paper as:
Fisch D., Kastl F., Sick B. (2010) Novelty-Aware Attack Recognition – Intrusion Detection with Organic Computing Techniques. In: Hinchey M. et al. (eds) Distributed, Parallel and Biologically Inspired Systems. IFIP Advances in Information and Communication Technology, vol 329. Springer, Berlin, Heidelberg

Abstract

A typical task of intrusion detection systems is to detect known kinds of attacks by analyzing network traffic. In this article, we will take a step forward and enable such a system to recognize very new kinds of attacks by means of novelty-awareness mechanisms. That is, an intrusion detection system will be able to recognize deficits in its own knowledge and to react accordingly. It will present a learned rule premise to the system administrator which will then be labeled, i.e., extended by an appropriate conclusion. In this article, we present new techniques for novelty-aware attack recognition based on probabilistic rule modeling techniques and demonstrate how these techniques can successfully be applied to intrusion benchmark data. The proposed novelty-awareness techniques may also be used in other application fields by intelligent technical systems (e.g., organic computing systems) to resolve problems with knowledge deficits in a self-organizing way.

Copyright information

© IFIP 2010

Authors and Affiliations

  • Dominik Fisch (1)
  • Ferdinand Kastl (1)
  • Bernhard Sick (1)
  1. Computationally Intelligent Systems Lab, University of Passau, Germany
