Parameters for intrusion analysis


  • Karresand Martin

Publish date: 2005-01-01

Report number: FOI-R--1831--SE

Pages: 33

Written in: Swedish


This report presents an analysis of 11 papers treating anomaly based intrusion detection from Recent Advances in Intrusion Detection (RAID) published between 2000 and 2004, and 9 papers from the IEEE Symposium on Security and Privacy (S&P) published between 2000 and 2005. The analysis is performed with the aim to find what parameters are used as a basis to detect intrusions from. In addition to that four more papers are presented and analysed. The papers are treating the question of whether it is possible to use the byte frequency distribution of a data fragment to correctly classify it as belonging to a specific file type.