Smarter Computer Intrusion Detection
By Christopher C. Valentino
The University of Maryland Baltimore, Maryland
December 12, 2001
Abstract
This paper addresses specific problems in performing computer system intrusion detection, and presents the reader with an effective decision model for addressing these problems. Current intrusion detection analysis methods are reluctant to properly evaluate the results of decisions made based on their analysis outcomes. These analysis outcomes influence the decision-making process involved in the response to an intrusion. Utilizing basic decision modeling methods, we can develop a model that is both effective and easy to use. To form this model we must have the following within our environment: a standard analysis procedure and the classification of information elements. These will feed into our structured decision model and aid in our final decision outcome.
Introduction
With the rapid growth of the Internet, the need for information to be publicly accessible, and both private and public sector businesses and agencies rendering service via the web to both consumers and potential adversaries, computer security has grown rapidly. Recently the area of Intrusion Detection has grown into a large and distinct discipline. Although alone it is nothing more than a measurement device, coupled with both human and computer analytical power it becomes a proactive tool in preventing current and future computer intrusions.
The challenge of intrusion detection is performing accurate and correct analysis of the presented data. Most often, decisions to block a suspected attacker are made in haste and cause network outages. These outages result in the failure to deliver service to the end customer, and in some cases this is an attacker's objective. A proper process must be created and followed during the analytical process to assure that decisions are (1) accurate and (2) unbiased.
Decision Modeling provides us with a structured approach that can be used to (1) formulate a standard analysis method and (2) formulate an overall decision model. Decision theory allows us to associate a set of probability distributions with each event to reflect the expectations or uncertainties of the decision maker. (Butler) Within this paper we will focus on this overall model, and the elements important to creating and utilizing it. To begin we will conduct a discussion of the overall problem, then define the environment specifically focusing on where we can obtain additional analysis data, and finally form and review the decision model. Our goal in applying the decision modeling method is to make "smarter" decisions.
Published Paper
The full paper is available in PDF format here.