A scientific approach to cyberattack detection

Nong Ye; Toni Farley

doi:10.1109/MC.2005.358

A scientific approach to cyberattack detection

Nong Ye, Toni Farley

IAFSE-CIDSE: Industrial, Systems and Operations Engineering

Research output: Contribution to journal › Article › peer-review

6 Scopus citations

Abstract

Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.

Original language	English (US)
Pages (from-to)	55-61
Number of pages	7
Journal	Computer
Volume	38
Issue number	11
DOIs	https://doi.org/10.1109/MC.2005.358
State	Published - Nov 2005

ASJC Scopus subject areas

Hardware and Architecture
Computer Graphics and Computer-Aided Design
Software

Access to Document

10.1109/MC.2005.358

Fingerprint Dive into the research topics of 'A scientific approach to cyberattack detection'. Together they form a unique fingerprint.

Cite this

@article{15bcd33a0e664893ac724db9329617b7,

title = "A scientific approach to cyberattack detection",

abstract = "Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.",

author = "Nong Ye and Toni Farley",

year = "2005",

month = nov,

doi = "10.1109/MC.2005.358",

language = "English (US)",

volume = "38",

pages = "55--61",

journal = "ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering",

issn = "0018-9162",

publisher = "IEEE Computer Society",

number = "11",

}

TY - JOUR

T1 - A scientific approach to cyberattack detection

AU - Ye, Nong

AU - Farley, Toni

PY - 2005/11

Y1 - 2005/11

N2 - Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.

AB - Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.

UR - http://www.scopus.com/inward/record.url?scp=28244467214&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=28244467214&partnerID=8YFLogxK

U2 - 10.1109/MC.2005.358

DO - 10.1109/MC.2005.358

M3 - Article

AN - SCOPUS:28244467214

VL - 38

SP - 55

EP - 61

JO - ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

JF - ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering

SN - 0018-9162

IS - 11

ER -