University of Amsterdam (UvA)

UvA-DARE (Digital Academic Repository)

Author
A. Sperotto
M. Mandjes
R. Sadre
P.-T. de Boer
A. Pras
Year
2012
Title
Autonomic parameter tuning of anomaly-based IDSs: an SSH case study
Journal
IEEE Transactions on Network and Service Management
Volume | Issue number
9 | 2
Pages (from-to)
128-141
Document type
Article
Faculty
Faculty of Science (FNWI)
Institute
Korteweg-de Vries Institute for Mathematics (KdVI)
Abstract
Anomaly-based intrusion detection systems classify network traffic instances by comparing them with a model of the normal network behavior. To be effective, such systems are expected to precisely detect intrusions (high true positive rate) while limiting the number of false alarms (low false positive rate). However, there exists a natural trade-off between detecting all anomalies (at the expense of raising alarms too often), and missing anomalies (but not issuing any false alarms). The parameters of a detection system play a central role in this trade-off, since they determine how responsive the system is to an intrusion attempt. Despite the importance of properly tuning the system parameters, the literature has put little emphasis on the topic, and the task of adjusting such parameters is usually left to the expertise of the system manager or expert IT personnel. In this paper, we present an autonomic approach for tuning the parameters of anomaly-based intrusion detection systems in case of SSH traffic. We propose a procedure that aims to automatically tune the system parameters and, by doing so, to optimize the system performance. We validate our approach by testing it on a flow-based probabilistic detection system for the detection of SSH attacks.
Language
English
Permalink
http://hdl.handle.net/11245/1.381033

Disclaimer/Complaints regulations

If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library, or send a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.

Copyright UvA 2014