Misuse detection

Misuse detection actively works against potential insider threats to vulnerable computer data.

Misuse

Misuse detection is an approach to detecting computer attacks. In a misuse detection approach, abnormal system behaviour is defined first, and then all other behaviour is defined as normal. It stands against the anomaly detection approach which utilizes the reverse: defining normal system behaviour first and defining all other behaviour as abnormal. With misuse detection, anything not known is normal. An example of misuse detection is the use of attack signatures in an intrusion detection system. Misuse detection has also been used more generally to refer to all kinds of computer misuse.[1]

Theory

In theory, misuse detection assumes that abnormal behaviour has a simple-to-define model. Its advantage is the simplicity of adding known attacks to the model. Its disadvantage is its inability to recognize unknown attacks.

gollark: You could argue that. You would be wrong, but you could.
gollark: GTechâ„¢ is on 294838193859204849392G anyway.
gollark: The various whateverG things are bizarre marketing terminology for a wide range of features and capabilities.
gollark: So I had to improve their blood.
gollark: I find that the viscosity of it is suboptimal for many purposes.

References
  1. Helman, Paul, Liepins, Gunar, and Richards, Wynette, "Foundations of Intrusion Detection," The IEEE Computer Security Foundations Workshop V, 1992

Further reading

For more information on Misuse Detection, including papers written on the subject, consider the following:

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.