TY - GEN
T1 - Statistical process control for computer intrusion detection
AU - Ye, Nong
AU - Emran, S. M.
AU - Li, Xiangyang
AU - Chen, Qiang
N1 - Funding Information:
This work is sponsored in part by the Defense Advanced Research Projects Agency (DARPA)/Air Force Research Laboratory (AFRL) under grant number F30602-99-1-0506, and by the Air Force Office of Scientific Research (AFOSR) under grant number F49620-99-1-0014. The U.S. government has the authority to reproduce and distribute reprints for governmental purpose notwithstanding any copyright annotation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of DARPA, AFRL, AFOSR, or the U.S. Government.
PY - 2001
Y1 - 2001
N2 - This paper describes the architecture of a distributed, host-based Intrusion Detection System (IDS) that we have developed at the Information and Systems Assurance Laboratory (ISA), Arizona State University (hence, ISA-IDS). ISA-IDS is developed based on statistical process control (SPC). In ISA-IDS we employ two intrusion detection techniques. One is an anomaly detection technique called Chi-square. Another is a misuse detection technique called Clustering. Each technique determines an intrusion warning (IW) level for each audit event. The IW levels from different intrusion detection techniques are then combined using a fusion technique into a composite IW level, 0 for normal, 1 for intrusive, and any value in between to signify the intrusiveness. We also present the intrusion detection performance of the Chi-square and Clustering techniques.
AB - This paper describes the architecture of a distributed, host-based Intrusion Detection System (IDS) that we have developed at the Information and Systems Assurance Laboratory (ISA), Arizona State University (hence, ISA-IDS). ISA-IDS is developed based on statistical process control (SPC). In ISA-IDS we employ two intrusion detection techniques. One is an anomaly detection technique called Chi-square. Another is a misuse detection technique called Clustering. Each technique determines an intrusion warning (IW) level for each audit event. The IW levels from different intrusion detection techniques are then combined using a fusion technique into a composite IW level, 0 for normal, 1 for intrusive, and any value in between to signify the intrusiveness. We also present the intrusion detection performance of the Chi-square and Clustering techniques.
UR - http://www.scopus.com/inward/record.url?scp=84964425418&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964425418&partnerID=8YFLogxK
U2 - 10.1109/DISCEX.2001.932187
DO - 10.1109/DISCEX.2001.932187
M3 - Conference contribution
AN - SCOPUS:84964425418
T3 - Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
SP - 3
EP - 14
BT - Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Y2 - 12 June 2001 through 14 June 2001
ER -