Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICCSA
2005
Springer
2005
Springer
M of N Features vs. Intrusion Detection
In order to complement the incomplete training audit trails, model generalization is always utilized to infer more unknown knowledge for intrusion detection. Thus, it is important to evaluate model generalization with respect to the detection performance of intrusion detection. In this paper, based on a general intrusion detection methodology, M out of N features in a behavior signature are utilized to detect the behaviors (M ≤ N) instead of using all N features. This is because M of N features in a signature can generalize the behavior model to incorporate unknown behaviors, which are useful to detect novel intrusions outside the known behavior model. However, the preliminary experimental results show that all features of any signature should be fully utilized for intrusion detection instead of M features in it. This is because the M of N features scheme will make the behavior identification capability of the behavior model lost by detecting most behaviors as ‘anomalies’.
Real-time TrafficRelated Content
| Added | 27 Jun 2010 |
| Updated | 27 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ICCSA |
| Authors | Zhuowei Li, Amitabha Das |
Comments (0)
Researcher Info
|
