
Performance adaptation in real-time intrusion detection systems. (English) Zbl 1022.68544

Wespi, Andreas (ed.) et al., Recent advances in intrusion detection. 5th international symposium, RAID 2002, Zurich, Switzerland, October 16-18, 2002. Proceedings. Berlin: Springer. Lect. Notes Comput. Sci. 2516, 252-273 (2002).
Summary: A real-time intrusion detection system (IDS) has several performance objectives: good detection coverage, economy in resource usage, resilience to stress, and resistance to attacks upon itself. In this paper, we argue that these objectives are trade-offs that must be considered not only in IDS design and implementation, but also in deployment and in an adaptive manner. We show that IDS performance trade-offs can be studied as classical optimization problems. We describe an IDS architecture with multiple dynamically configured front-end and back-end detection modules and a monitor. The IDS run-time performance is measured periodically, and detection strategies and workload are configured among the detection modules according to resource constraints and cost-benefit analysis. The back-end performs scenario (or trend) analysis to recognize on-going attack sequences, so that the predictions of the likely forthcoming attacks can be used to pro-actively and optimally configure the IDS.
For the entire collection see [Zbl 1011.68737].

MSC:

68P25 Data encryption (aspects in computer science)