Systematization of Knowledge from Intrusion Detection Models - October 2015

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Huaiyu Dai, Andy Meneely
Researchers: Xiaofan He, Yufan Huang, Richeng Jin, Nuthan Munaiah, Kevin Campusano Gonzalez

HARD PROBLEM(S) ADDRESSED

  • Security Metrics and Models - The project aims to establish shared criteria for evaluating and systematizing the knowledge contributed by research on intrusion detection models.
  • Resilient Architectures - Robust intrusion detection models make large systems more resilient to attack.
  • Scalability and Composability - Intrusion detection models process large volumes of data every day, so scale is always a significant concern.
  • Humans - A key aspect of intrusion detection is interpreting the output and acting upon it, which inherently involves humans. Furthermore, intrusion detection models are ultimately models of human behavior, that of attackers as well as of legitimate users.


PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, name the journal. If presented at a conference, name the conference.


ACCOMPLISHMENT HIGHLIGHTS

  • We continued collecting and summarizing the evaluation metrics and benchmark datasets used by published intrusion detection systems (IDS) in preparation for a comprehensive survey paper. We are applying an open coding process to the surveyed papers to measure how many of them support generalizable conclusions, judged by the validation metrics they report. Our preliminary results show that some areas of IDS research generalize far less well than others, and the study will point to areas of improvement for future IDS researchers.

  • We initiated a study to promote resource sharing and collaborative defense among IDSs.
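The first accomplishment above concerns the evaluation metrics reported for IDSs and whether results measured with them generalize. As an added example, not part of this report or of the project's survey, the following Python computes the standard detection metrics (true positive rate, false positive rate, precision, accuracy, F1 and ROC AUC) for a scored detector over a constructed labelled sample, then uses Bayes' rule to show how the same TPR/FPR pair yields a very different fraction of true alerts once the intrusion base rate changes from the benchmark's to an operational one. The sample records, the 0.5 alert threshold and the base rates are assumptions chosen for illustration.

```python
"""Evaluation metrics for a scored intrusion detector, with a base-rate check.

Added example; not the project's code. The sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Sequence

# Constructed sample: (detector score, ground truth; 1 = intrusion, 0 = benign).
# 8 intrusions and 12 benign records, i.e. a benchmark prevalence of 0.4.
SAMPLE: list[tuple[float, int]] = [
    (0.95, 1), (0.90, 1), (0.85, 1), (0.80, 1),
    (0.75, 1), (0.60, 1), (0.40, 1), (0.20, 1),
    (0.05, 0), (0.10, 0), (0.15, 0), (0.20, 0), (0.25, 0), (0.30, 0),
    (0.35, 0), (0.45, 0), (0.55, 0), (0.65, 0), (0.70, 0), (0.10, 0),
]


def _ratio(num: float, den: float) -> float:
    """Division that returns 0.0 instead of failing on an empty class."""
    return num / den if den else 0.0


@dataclass(frozen=True)
class Confusion:
    tp: int
    fp: int
    tn: int
    fn: int

    @property
    def tpr(self) -> float:
        """Detection rate (recall): intrusions that raised an alert."""
        return _ratio(self.tp, self.tp + self.fn)

    @property
    def fpr(self) -> float:
        """False alarm rate: benign records that raised an alert."""
        return _ratio(self.fp, self.fp + self.tn)

    @property
    def precision(self) -> float:
        """P(intrusion | alert) at the dataset's own class balance."""
        return _ratio(self.tp, self.tp + self.fp)

    @property
    def accuracy(self) -> float:
        return _ratio(self.tp + self.tn, self.tp + self.fp + self.tn + self.fn)

    @property
    def f1(self) -> float:
        return _ratio(2 * self.tp, 2 * self.tp + self.fp + self.fn)


def confusion_at(data: Sequence[tuple[float, int]], threshold: float) -> Confusion:
    """Count outcomes when every record with score >= threshold raises an alert."""
    tp = fp = tn = fn = 0
    for score, label in data:
        alert = score >= threshold
        if alert and label:
            tp += 1
        elif alert:
            fp += 1
        elif label:
            fn += 1
        else:
            tn += 1
    return Confusion(tp, fp, tn, fn)


def auc(data: Sequence[tuple[float, int]]) -> float:
    """ROC AUC as the probability that a random intrusion outscores a random
    benign record (ties count one half), so it is threshold-independent."""
    pos = [s for s, label in data if label]
    neg = [s for s, label in data if not label]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return _ratio(wins, len(pos) * len(neg))


def precision_at_base_rate(tpr: float, fpr: float, base_rate: float) -> float:
    """Bayes' rule: P(intrusion | alert) for a detector with the given TPR and
    FPR deployed where a fraction base_rate of records are intrusions."""
    hits = tpr * base_rate
    false_alarms = fpr * (1.0 - base_rate)
    return _ratio(hits, hits + false_alarms)


if __name__ == "__main__":
    c = confusion_at(SAMPLE, 0.5)  # assumed alert threshold
    print(f"TPR={c.tpr:.3f} FPR={c.fpr:.3f} precision={c.precision:.3f} "
          f"accuracy={c.accuracy:.3f} F1={c.f1:.3f} AUC={auc(SAMPLE):.3f}")
    for rate in (0.4, 0.01, 0.001):  # benchmark prevalence, then two assumed operational ones
        print(f"base rate {rate:>6}: P(intrusion | alert) = "
              f"{precision_at_base_rate(c.tpr, c.fpr, rate):.4f}")
```

Run as a script, it prints the metrics at threshold 0.5 and P(intrusion | alert) at three base rates. At the sample's own prevalence (0.4) the Bayesian figure equals the measured precision; at a base rate of 0.001 it drops below 0.3%, so well over 99% of alerts would be false alarms even though TPR and FPR are unchanged. This is why a benchmark precision or accuracy figure says little about how an IDS will behave on a production network unless the benchmark's class balance is reported alongside it, and why the metric choice matters when judging whether a paper's results generalize.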