M of N Features vs. Intrusion Detection

Lecture Notes in Computer Science, 2005
Zhuowei Li
Abstract
To complement incomplete training audit trails, model generalization is always utilized to infer more unknown knowledge for intrusion detection. Thus, it is important to evaluate model generalization with respect to the detection performance of intrusion detection. In this paper, based on a general intrusion detection methodology, M out of N features in a behavior signature are utilized to detect the behaviors (M ≤ N) instead of using all N features. This is because M of N features in a signature can generalize the behavior model to incorporate unknown behaviors, which are useful for detecting novel intrusions outside the known behavior model. However, the preliminary experimental results show that all features of any signature should be fully utilized for intrusion detection instead of only M of them. This is because the M of N features scheme causes the behavior model to lose its behavior identification capability by detecting most behaviors as 'anomalies'.
