The Correlation Deduction Method for Intrusion Decision Based on Heterogeneous Sensors(Applications of Information Security Techonoiques)

概要

論文の詳細を見る
An Anomaly detection sensor, to detect an abnormal use of system resources or an abnormal behavior of authorized users, uses various measures and decides on the basis of threshold value. However, it has high false alarm rate, and it make it hard to merchandise. Also, it is not easy to have a threshold which is suitable for installation environment. In this paper, we propose a method to automatic generation of proper threshold of each sensor, and the threshold is applied for an integrated decision. Also, we propose a computing method for a correlation of heterogeneous detection sensors. As we use the correlation to integrate and decide the opinions of each sensor, false positive can be greatly reduced.
社団法人電子情報通信学会の論文
2003-10-01