Statistical process control for computer intrusion detection

Nong Ye, S. M. Emran, Xiangyang Li, Qiang Chen

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

31 Scopus citations

Abstract

This paper describes the architecture of a distributed, host-based Intrusion Detection System (IDS) that we have developed at the Information and Systems Assurance Laboratory (ISA), Arizona State University (hence, ISA-IDS). ISA-IDS is developed based on statistical process control (SPC). In ISA-IDS we employ two intrusion detection techniques. One is an anomaly detection technique called Chi-square. Another is a misuse detection technique called Clustering. Each technique determines an intrusion warning (IW) level for each audit event. The IW levels from different intrusion detection techniques are then combined using a fusion technique into a composite IW level, 0 for normal, 1 for intrusive, and any value in between to signify the intrusiveness. We also present the intrusion detection performance of the Chi-square and Clustering techniques.

Original language: English (US)
Title of host publication: Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 3-14
Number of pages: 12
ISBN (Electronic): 0769512127, 9780769512129
State: Published - 2001
Event: DARPA Information Survivability Conference and Exposition II, DISCEX 2001 - Anaheim, United States
Duration: Jun 12 2001 to Jun 14 2001

Publication series

Name: Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Volume: 1

Other

Other: DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Country/Territory: United States
City: Anaheim
Period: 6/12/01 to 6/14/01

ASJC Scopus subject areas

  • General Computer Science
