Abstract
In this paper, we first show that traditional IDSs cannot reach the minimal cost design from the auditing viewpoints. Then we propose the definition of design architecture of IDSIC (Intrusion Detection System with Identification Capability ). In IDSIC, its architecture consists of a new detection engine that can examine packet headers, which provide a separability of security auditors and hackers. With this architecture, we will reduce the cost of false alarms, either positive or negative false alarms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D. Anderson, T. Frivold, and A. Valdes (1995). Next-generation Intrusion Detection Expert System (NIDES) A Summary. Technical Report SRI-CSL-95-07, SRI Computer Science Laboratory, May.
D. E. Denning (1987), An intrusion-detection model. IEEE Trans. on Software Enginering, vol. SE-13, no.2, pages 222V232, February.
D. Dean, M. Franklin, and A. Stubblefield (2001). An algebraic approach to ip traceback. In Network and Distributed System Security Symposium, NDSS '01, February.
H. Krawczyk, M. Bellare, and R. Canetti (1997). HMAC: Keyed-Hashing for Message Authentication. Internet RFC 2104, February.
J. Cannady (2000). An Adaptive Neural Network Approach to Intrusion Detection and Response. Ph.D Thesis, Nova Southeastern University.
J. Hochberg, K. Jackson, and C. Stallings et al. Nadir (1993): An automated system for detecting network intrusion and misuse. In Computers and Security, vol.12, no.3, pages 235–248, May.
L. Heberlein, G. Dias, and K. Levitt (1990). A Network Security Monitor. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 296–304, May.
M. Bellare, R. Canetti, and H. Krawczyk (1996). Message authentication using hash functions: The HMAC construction. In RSA Laboratories' CryptoBytes Vol. 2, No. 1, Spring.
R. A. Whitehurst (1987). Expert systems in intrusion-detection: A case study. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, November.
S. Savage, D. Wetherall, A. Karlin, and T. Anderson (2000). Practical network support for IP traceback. In 2000 ACM SIG-COMM Conference, August.
S. Snapp, J. Brentano, and G. Dias (1991). DIDS (Distributed Intrusion Detection System) — Motivation, Architecture, and An Early Prototype. In Proc., 14th National Computer Security Conference, Washington, DC, pages 167–176, October.
W. Fan, W. Lee, S. Stolfo, and M. Miller (2000). A multiple model cost-sensitive approach for intrusion detection. In Proc. Eleventh European Conference of Machine Learning, pages 148–156, Barcelona Spain, May.
W. Lee, M. Miller, and S. Stolfo (2000). Toward costsensitive modeling for intrusion detection. Technical Report CUCS-002-00, Computer Science.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer Science+Business Media, Inc.
About this chapter
Cite this chapter
Chen, PT., Tseng, B., Laih, CS. (2005). A Modeling of Intrusion Detection Systems with Identification Capability. In: Lee, D.T., Shieh, S.P., Tygar, J.D. (eds) Computer Security in the 21st Century. Springer, Boston, MA. https://doi.org/10.1007/0-387-24006-3_9
Download citation
DOI: https://doi.org/10.1007/0-387-24006-3_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24005-3
Online ISBN: 978-0-387-24006-0
eBook Packages: Computer ScienceComputer Science (R0)