Students: Spring 2023, unless noted otherwise, sessions will be virtual on Zoom.
Misuse Detection vs. Intrusion Detection
Oct 11, 1996
Misuse detection has a number of differences from intrusion detection, which include the facts that the violator is authorized to access the target material, and can take her time doing the misuse by, e.g., spreading it over a period of time or over a number of sessions each of which looks "normal". After reviewing some of the common approaches to misuse detection, I'll explain how the pattern matching approach works, the special problems associated with using it for misuse detection, and possible ways of coping with these difficulties.