Distinguishing Novel Usage From Novel Attacks
Final rept. 1 Jul 2003-31 Aug 2006
ATC-NY ITHACA NY
In this project, ATC-NY is developing methods for evaluating anomalous behavior concurrently with reacting to it. Anomalous events that are not so suspicious as to cause an immediate alarm are continually reexamined in the light of later events, with the goal of eventually understanding whether they are benign or malign. As time goes on, the IDS should become familiar with common attacks, even while it continually adapts to small changes in normal behavior. By focusing on the long-term problem of building up knowledge, the proposed IDS should become better over time at solving the short-term problem of detecting attacks.
- Computer Systems Management and Standards