Systematization of Knowledge from Intrusion Detection Models - April 2015

Submitted by drwright on Sun, 03/22/2015 - 1:15pm

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Huaiyu Dai, Andy Meneely
Researchers:

Xiaofan He, Yufan Huang, Nuthan Munaiah, Kevin Campusano Gonzalez

HARD PROBLEM(S) ADDRESSED

Security Metrics and Models - The project aims to establish common criteria for evaluating and systematizing knowledge contributed by research on intrusion detection models.
Resilient Architectures - Robust intrusion detection models serve to make large systems more resilient to attack.
Scalability and Composability - Intrusion detection models deal with large data sets every day, so scale is always a significant concern.
Humans - A key aspect of intrusion detection is interpreting the output and acting upon it, which inherently involves humans. Furthermore, intrusion detection models are ultimately simulations of human behavior.

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

Yufan Huang, Xiaofan He, Huaiyu Dai. 2015. Poster: Systematization of Metrics in Intrusion Detection Systems. ACM Proc. Of the Symposium and Bootcamp on the Science of Security (HotSoS), University of Illinois at Urbana-Champaign, IL.

ACCOMPLISHMENT HIGHLIGHTS

We have surveyed and studied the intrusion detection methods that have been applied to the KDD 99 data set.
We have obtained some preliminary categorization results for IDS methodologies adopted in existing literature.
We are in the process of collecting, summarizing, and classifying major IDS evaluation metrics.
We are in the process of studying the application of game theory on IDS.

Groups:

NCSU Science of Security Lablet Research Initiative