A scientific approach to cyberattack detection

Nong Ye, Toni Farley

Research output: Contribution to journal › Article

6 Scopus citations

Abstract

Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Given these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust systems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.

Original language: English (US)
Pages (from-to): 55-61
Number of pages: 7
Journal: Computer
Volume: 38
Issue number: 11
State: Published - Nov 2005

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Graphics and Computer-Aided Design
  • Software
