Abstract
Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 55-61 |
| Number of pages | 7 |
| Journal | Computer |
| Volume | 38 |
| Issue number | 11 |
| DOIs | |
| State | Published - Nov 2005 |
Fingerprint
ASJC Scopus subject areas
- Hardware and Architecture
- Computer Graphics and Computer-Aided Design
- Software
Cite this
A scientific approach to cyberattack detection. / Ye, Nong; Farley, Toni.
In: Computer, Vol. 38, No. 11, 11.2005, p. 55-61.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - A scientific approach to cyberattack detection
AU - Ye, Nong
AU - Farley, Toni
PY - 2005/11
Y1 - 2005/11
N2 - Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.
AB - Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Give n these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust sy stems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.
UR - http://www.scopus.com/inward/record.url?scp=28244467214&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=28244467214&partnerID=8YFLogxK
U2 - 10.1109/MC.2005.358
DO - 10.1109/MC.2005.358
M3 - Article
AN - SCOPUS:28244467214
VL - 38
SP - 55
EP - 61
JO - ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering
JF - ACM SIGPLAN/SIGSOFT Workshop on Program Analysis for Software Tools and Engineering
SN - 0018-9162
IS - 11
ER -