CAREER: Adaptive Intrusion Detection Systems

职业：自适应入侵检测系统

• 批准号: 0133629
• 负责人: Wenke Lee
• 金额: $ 35万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-08-15 至 2008-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0133629&HistoricalAwards=false
• 关键词: CAREER; Adaptive; Intrusion; Detection; Systems

Intrusion detection is a critical component of the defense-in-depthnetwork security mechanisms. Current intrusion detection systems(IDSs) are ineffective against new and sophisticated attacks.The key objective of this research project is to develop thealgorithms, tools, and system architecture for adaptive IDSs. Anadaptive IDS needs to detect new attacks and adjust to changes innormal operations. Towards this end, an information-theoretic basedanomaly detection framework is investigated. The approach is to firstcompute the regularity of normal data using information-theoreticmeasures, then select features and construct a detection modelaccording to the regularity measures. An adaptive IDS needs to alsoself-monitor its run-time workload and performance, and dynamicallyreconfigure its components to provide the best detection capabilitygiven the limited resources. Towards this end, performance monitoring,load-shedding, attack scenario analysis, and cost-benefit analysistechniques are investigated.Through the publications and algorithms and tools from this research,researchers and practitioners can learn the benefits and techniques ofadaptive IDSs. This research also makes important contributions torelated fields, e.g., survivable network systems and smartauditing. Ultimately, the society will benefit from the more effectiveand robust security mechanisms.

入侵检测是深度防御网络安全机制的重要组成部分。现有的入侵检测系统（IDS）对新的、复杂的攻击是无效的，本研究的主要目标是开发自适应IDS的算法、工具和系统结构。一个自适应的入侵检测系统需要检测新的攻击，并根据正常操作的变化进行调整。为此，研究了一个基于信息论的异常检测框架。该方法首先利用信息论测度计算正态数据的正则性，然后根据正则性测度选择特征并构造检测模型。一个自适应的IDS还需要自我监控其运行时的工作负载和性能，并动态地重新配置其组件，以提供最佳的检测能力给定的有限资源。为此，性能监控，负载削减，攻击场景分析，成本效益分析techniques.Through出版物和算法和工具，从这项研究中，研究人员和从业者可以学习的好处和自适应IDS的技术。本研究也为相关领域做出了重要贡献，可生存的网络系统和智能编辑。最终，社会将受益于更有效和更强大的安全机制。