Misuse Detection vs. Intrusion Detection
Mikhail Atallah - CERIAS /Purdue CS Department
Oct 11, 1996
AbstractMisuse detection has a number of differences from intrusion detection, which include the facts that the violator is authorized to access the target material, and can take her time doing the misuse by, e.g., spreading it over a period of time or over a number of sessions each of which looks "normal". After reviewing some of the common approaches to misuse detection, I'll explain how the pattern matching approach works, the special problems associated with using it for misuse detection, and possible ways of coping with these difficulties.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.