A scientific approach to cyberattack detection

Nong Ye, Toni Farley

Research output: Contribution to journal (Article)

6 Citations (Scopus)

Abstract

Despite many attempts to counter them, cyberattacks on computer and network systems continue to threaten the global information infrastructure, targeting data files, services, or service ports. Unfortunately, current countering methods - prevention, detection, or reaction - tend to be inefficient, inaccurate, and limited. Developers of detection systems, in particular, tend to rely on empiricism or heuristics, a strategy that lacks a deep scientific understanding of the signals an attack can give off in cyberspace. The inadequacies of the two most recognizable attack-detection approaches - signature recognition and anomaly detection - are a case in point. Given these gaps in detection accuracy, perhaps it is time to look at more scientific principles, such as those embodied in established signal-detection models that are adept at handling a mix of signal and noise data. With such models, it might be possible to separate attack and norm characteristics, permitting the least amount of relevant data to detect a wide range of attacks accurately and efficiently. Robust systems with the scientific and engineering rigor of signal-detection technologies would offer a deep understanding of signal and noise characteristics. This knowledge in turn might make it possible to build mathematical or statistical models that can accurately detect an attack signal in a sea of normal-use activity even if the attack is subtle.

Original language: English (US)
Pages (from-to): 55-61
Number of pages: 7
Journal: Computer
Volume: 38
Issue number: 11
DOI: 10.1109/MC.2005.358
State: Published - Nov 2005

Fingerprint

Signal detection
Mathematical models
Statistical Models

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Graphics and Computer-Aided Design
  • Software

Cite this

A scientific approach to cyberattack detection. / Ye, Nong; Farley, Toni.

In: Computer, Vol. 38, No. 11, 11.2005, p. 55-61.

@article{15bcd33a0e664893ac724db9329617b7,
title = "A scientific approach to cyberattack detection",
author = "Nong Ye and Toni Farley",
year = "2005",
month = "11",
doi = "10.1109/MC.2005.358",
language = "English (US)",
volume = "38",
pages = "55--61",
journal = "Computer",
issn = "0018-9162",
publisher = "IEEE Computer Society",
number = "11",

}

TY - JOUR

T1 - A scientific approach to cyberattack detection

AU - Ye, Nong

AU - Farley, Toni

PY - 2005/11

Y1 - 2005/11

UR - http://www.scopus.com/inward/record.url?scp=28244467214&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=28244467214&partnerID=8YFLogxK

U2 - 10.1109/MC.2005.358

DO - 10.1109/MC.2005.358

M3 - Article

AN - SCOPUS:28244467214

VL - 38

SP - 55

EP - 61

JO - Computer

JF - Computer

SN - 0018-9162

IS - 11

ER -