Accession Number : ADA421322


Title : The Monitoring, Detection, Isolation and Assessment of Information Warfare Attacks Through Multi-Level, Multi-Scale System Modeling and Model Based Technology


Descriptive Note : Final technical rept. May 1999-May 2001


Corporate Author : ARIZONA STATE UNIV TEMPE


Personal Author(s) : Ye, Nong


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a421322.pdf


Report Date : Jan 2004


Pagination or Media Count : 150


Abstract : With the goal of protecting computer and networked systems from various attacks, the following intrusion detection techniques were developed and tested using the 1998 and 2000 MIT Lincoln Lab Evaluation Data: Exponentially Weighted Moving Average techniques for autocorrelated and uncorrelated data to detect anomalous changes in the audit event intensity; a learning and inference algorithm based on a first-order Markov chain model of a normal profile for anomaly detection; two multivariate statistical process control techniques based on chi-square and Canberra distance metrics for anomaly intrusion detection; the technique of probabilistic networks with undirected links to represent the symmetric relations of audit event types during normal activities, build a long-term profile of normal activities, and then perform anomaly detection; and decision tree techniques to automatically learn intrusion signatures and to classify information system activities as normal or intrusive, producing useful intrusion warning information. Finally, this report presents a research prototype of an Intrusion Detection System (IDS) integrating the intrusion detection techniques and a process model of a computer and network system.


Descriptors : *ELECTRONIC SECURITY , *INTRUSION DETECTION , MATHEMATICAL MODELS , ANOMALIES , DATA MANAGEMENT , DATA PROCESSING SECURITY , COMPUTER VIRUSES , INFORMATION WARFARE


Subject Categories : Computer Programming and Software
      Miscellaneous Detection and Detectors


Distribution Statement : APPROVED FOR PUBLIC RELEASE