Systematization of Knowledge from Intrusion Detection Models - October 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Huaiyu Dai, Andy Meneely
Researchers:

Xiaofan He, Yufan Huang, Richeng Jin, Nuthan Munaiah, Kevin Campusano Gonzalez

HARD PROBLEM(S) ADDRESSED

• Security Metrics and Models - The project aims to establish common criteria for evaluating and systematizing knowledge contributed by research on intrusion detection models.
• Resilient Architectures - Robust intrusion detection models serve to make large systems more resilient to attack.
• Scalability and Composability - Intrusion detection models deal with large data sets every day, so scale is always a significant concern.
• Humans - A key aspect of intrusion detection is interpreting the output and acting upon it, which inherently involves humans. Furthermore, intrusion detection models are ultimately simulations of human behavior.

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

• Richeng Jin, Xiaofan He, Huaiyu Dai.  2016.  Collaborative IDS Configuration: A Two-layer Game Approach. IEEE Global Conference on Communications (GLOBECOM). 
  URL: http://www4.ncsu.edu/~hdai/GC16-RJ.pdf

• Nuthan Munaiah, Andrew Meneely, Benjamin Short, Ryan Wilson, Jordan Tice.  2016.  Are Intrusion Detection Studies Evaluated Consistently? A Systematic Literature Review :18.
  URL: http://scholarworks.rit.edu/article/1810

ACCOMPLISHMENT HIGHLIGHTS

• In the context of privacy-aware collaborative security decision making, we specifically looked into collaborative intrusion detection systems (CIDSs). Our goal is to find collaborative protocols which can achieve good tradeoff between detection accuracy and privacy; in particular, collaborative protocols that can satisfy the privacy requirements  of CIDSs while still allowing beneficial collaboration are desired.

• We have aggregated results from a capture-recapture study to estimate the number of empirical studies of Intrusion Detection Systems that use consistent evaluation metrics. Our results show systemic inconsistency over time of critical evaluation metrics, demonstrating a lot of concerns we have had about the validity of most IDS studies.