Abstract
Intrusion detection system (IDS) research still lacks solid mathematical foundations and theoretical guidelines. In this paper, we build a formal framework, based on information theory, for analyzing and quantifying the effectiveness of an IDS. We first present a formal IDS model and then analyze it from an information-theoretic viewpoint. On that basis we propose a set of information-theoretic metrics that quantitatively measure the effectiveness of an IDS in terms of feature representation capability, classification information loss, and overall intrusion detection capability. We establish the relationship among these metrics and prove a fundamental upper bound on the intrusion detection capability of an IDS. The framework is a practical theory in this area: it is driven by data traces and oriented toward evaluation. Besides grounding IDS research in a mathematical theory suitable for formal study, the framework provides practical guidelines for IDS fine-tuning, evaluation and design: the metrics support static or dynamic fine-tuning of an IDS toward optimal operation and give a fine-grained means to evaluate IDS performance and improve IDS design. We conduct experiments to demonstrate the utility of the framework in practice.
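The abstract describes an IDS as an information-theoretic object: ground truth is passed through a feature extractor and a classifier, and metrics measure how much information about the ground truth survives each stage. The following is an added worked example, not code from the paper, that models that chain as two discrete channels and computes the kind of normalised mutual-information metrics the abstract names. The specific definitions used here (capability as I(X;Y)/H(X), feature capability as I(X;F)/H(X), classification loss as their difference) and all probabilities are assumptions chosen for the illustration, not values or definitions taken from the paper; the ordering between feature and overall capability follows from the standard data-processing inequality.

```python
"""Information-theoretic view of an IDS as a noisy channel (added example).

Ground truth X (0 = benign, 1 = intrusion) -> feature extractor F -> alert Y.
The normalised metrics and every probability below are assumptions for this
illustration, not definitions or numbers taken from the paper.
"""
from math import log2


def entropy(dist):
    """Shannon entropy H in bits of a dict {symbol: probability}."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def marginal(joint, axis):
    """Marginal of a joint dict {(a, b): p} over component `axis` (0 or 1)."""
    out = {}
    for key, p in joint.items():
        out[key[axis]] = out.get(key[axis], 0.0) + p
    return out


def mutual_information(joint):
    """I(A;B) = sum p(a,b) log2( p(a,b) / (p(a) p(b)) ) over a joint dict."""
    pa, pb = marginal(joint, 0), marginal(joint, 1)
    return sum(p * log2(p / (pa[a] * pb[b]))
               for (a, b), p in joint.items() if p > 0)


def joint_from_channel(px, channel):
    """Build P(A,B) from P(A) and a channel {a: {b: P(B=b | A=a)}}."""
    return {(a, b): px[a] * p_b_a
            for a, row in channel.items() for b, p_b_a in row.items()}


def compose(first, second):
    """Compose channels A->B and B->C into A->C (Markov chain A -> B -> C)."""
    out = {}
    for a, row in first.items():
        out[a] = {}
        for b, p_b in row.items():
            for c, p_c in second[b].items():
                out[a][c] = out[a].get(c, 0.0) + p_b * p_c
    return out


def detection_capability(base_rate, tpr, fpr):
    """Assumed overall metric: I(X;Y) / H(X) for a binary IDS.

    base_rate = P(X=1), tpr = P(Y=1 | X=1), fpr = P(Y=1 | X=0).
    1.0 means the alert stream resolves all uncertainty about the ground
    truth; 0.0 means alerts are independent of it (tpr == fpr).
    """
    px = {0: 1 - base_rate, 1: base_rate}
    channel = {0: {0: 1 - fpr, 1: fpr}, 1: {0: 1 - tpr, 1: tpr}}
    return mutual_information(joint_from_channel(px, channel)) / entropy(px)


def pipeline_metrics(px, feature_channel, classifier_channel):
    """Return (feature capability, overall capability, classification loss),
    all normalised by H(X), for the chain X -> F -> Y.

    Because Y depends on X only through F, the data-processing inequality
    gives I(X;Y) <= I(X;F): the feature stage upper-bounds what any
    classifier built on it can achieve, and the loss is never negative.
    """
    hx = entropy(px)
    i_xf = mutual_information(joint_from_channel(px, feature_channel))
    i_xy = mutual_information(
        joint_from_channel(px, compose(feature_channel, classifier_channel)))
    return i_xf / hx, i_xy / hx, (i_xf - i_xy) / hx


# Constructed three-stage example: binary X, a 3-valued feature F, binary Y.
EXAMPLE_PX = {0: 0.9, 1: 0.1}                                  # 10% intrusions
EXAMPLE_FEATURES = {0: {"a": 0.80, "b": 0.15, "c": 0.05},      # benign traffic
                    1: {"a": 0.05, "b": 0.25, "c": 0.70}}      # intrusions
EXAMPLE_CLASSIFIER = {"a": {0: 1.0, 1: 0.0},                   # alert only on "c"
                      "b": {0: 1.0, 1: 0.0},
                      "c": {0: 0.0, 1: 1.0}}

if __name__ == "__main__":
    # Same detector (TPR 0.9, FPR 0.01) evaluated at decreasing attack rates.
    for b in (0.1, 0.01, 0.001):
        print(f"base rate {b:6.3f}: capability {detection_capability(b, 0.9, 0.01):.3f}")
    feat, overall, loss = pipeline_metrics(EXAMPLE_PX, EXAMPLE_FEATURES, EXAMPLE_CLASSIFIER)
    print(f"feature {feat:.3f} >= overall {overall:.3f}; classification loss {loss:.3f}")
```

The loop shows why a base-rate-aware metric matters: with the true and false positive rates held fixed, the fraction of ground-truth information carried by the alert stream shrinks as intrusions become rarer in the low-base-rate regime, something TPR and FPR alone never reveal. The pipeline call shows the two-stage decomposition: the feature capability is an upper bound that no classifier on those features can exceed, and whatever the classifier discards shows up as a non-negative classification loss.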
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Computer Security - ESORICS 2006: 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings |
| Editors | D. Gollmann, J. Meier, A. Sabelfeld |
| Place of publication | Berlin |
| Publisher | Springer |
| Pages | 527-546 |
| ISBN (print) | 3-540-44601-X, 978-3-540-44601-9 |
| DOIs | |
| Publication status | Published - 2006 |
| Event | 11th European Symposium on Research in Computer Security (ESORICS 2006), University of Hamburg, Hamburg, Germany, 18 Sep 2006 → 20 Sep 2006 (conference number 11), http://www.esorics06.tu-harburg.de/ |
Publication series

| Field | Value |
|---|---|
| Name | Lecture Notes in Computer Science |
| Volume | 4189 |
| ISSN (print) | 0302-9743 |
Conference

| Field | Value |
|---|---|
| Conference | 11th European Symposium on Research in Computer Security (ESORICS 2006) |
| Abbreviated title | ESORICS 2006 |
| Country/Territory | Germany |
| City | Hamburg |
| Period | 18/09/06 → 20/09/06 |
| Internet address | http://www.esorics06.tu-harburg.de/ |