Revealing Method for the Intrusion Detection System
M. Sadiq Ali Khan

TL;DR
This paper introduces a unified mathematical formalism for intrusion detection systems, modeling system behavior with state machines to improve detection of security violations and attacks.
Contribution
It proposes a novel formalism that unifies misuse and anomaly detection models using state machines for enhanced intrusion detection capabilities.
Findings
Formalism enables merging different detection models.
Improves detection of security violations.
Defines system behavior with state machines.
Abstract
The goal of an Intrusion Detection is inadequate to detect errors and unusual activity on a network or on the hosts belonging to a local network by monitoring network activity. Algorithms for building detection models are broadly classified into two categories, Misuse Detection and Anomaly Detection. The proposed approach should be taken into account, as security system violations are caused by both non-compliance with the security policy and attacks on the system, resulting in the need to describe models. However, it is based on a unified mathematical formalism which is provided for the subsequent merger of the models. The above formalism in this paper presents a state machine describing the behavior of a system subject. The set of intrusion description models is used by the evaluation module and determines the likelihood of undesired actions the system is capable of detecting. The number of…
Taxonomy
Topics: Network Security and Intrusion Detection · Network Packet Processing and Optimization · Advanced Malware Detection Techniques
