Misuse Detection vs. Intrusion Detection


Mikhail Atallah - CERIAS / Purdue CS Department

Oct 11, 1996

Abstract

Misuse detection has a number of differences from intrusion detection, which include the facts that the violator is authorized to access the target material, and can take her time doing the misuse by, e.g., spreading it over a period of time or over a number of sessions each of which looks "normal". After reviewing some of the common approaches to misuse detection, I'll explain how the pattern matching approach works, the special problems associated with using it for misuse detection, and possible ways of coping with these difficulties.



Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M., STEW G52, West Lafayette Campus.


Use/Reuse Guidelines

CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.