Toward Using Plan Recognition for Intrusion Detection
Author
Abstract
This paper identifies some of the assumptions that prevent the effective application of existing plan recognition technology to intrusion detection in computer systems. It then presents a new algorithm for plan recognition that does not have these limitations.
Similar resources
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Plan Recognition in Intrusion Detection Systems
To be effective, current intrusion detection systems (IDSs) must incorporate artificial intelligence methods for plan recognition. Plan recognition is critical both to predicting the future actions of attackers and planning appropriate responses to their actions. However network security places a new set of requirements on plan recognition. In this paper we present an argument for including pla...
Lexical Ambiguity and its Impact on Plan Recognition for Intrusion Detection
Viewing intrusion detection as a problem of plan recognition presents unique problems. Real world security domains are highly ambiguous and this creates significant problems for plan recognition. This paper distinguishes three sources of ambiguity: action ambiguity, syntactic ambiguity and attachment ambiguity. Previous work in plan recognition has often conflated these different sources of amb...
A Logical Framework for Plan Recognition for Intrusion Detection
This document describes the results of our work during the first two years of our PhD. studies. The aim of our PhD. thesis is the development of a methodology for automated intrusion detection based on attack plan recognition, and therefore, the design of a general framework for the characterization and theoretical investigation of the plan recognition problem in adversarial scenarios. In the A...
A Comprehensive Simulation Platform for Intrusion Detection in Distributed Systems
This paper describes the simulation of an attack recognition system in a distributed environment. The underlying technique of attack recognition is based on assertion checking. An auxiliary process called watchdog queries the users for a scope-file, from which an assertable plan called Sprint plan is generated. The sprint plan consists of carefully derived assertions, which forms the basis for...
Journal title:
Volume / Issue
Pages -
Publication date: 2009