This article needs additional citations for verification. (December 2011) |
Misuse detection actively works against potential insider threats to vulnerable computer data.
Misuse
editMisuse detection is an approach to detecting computer attacks. In a misuse detection approach, abnormal system behaviour is defined first, and then all other behaviour is defined as normal. It stands against the anomaly detection approach which utilizes the reverse: defining normal system behaviour first and defining all other behaviour as abnormal. With misuse detection, anything not known is normal. An example of misuse detection is the use of attack signatures in an intrusion detection system. Misuse detection has also been used more generally to refer to all kinds of computer misuse.[1]
References
edit- ^ Helman, Paul, Liepins, Gunar, and Richards, Wynette, "Foundations of Intrusion Detection," The IEEE Computer Security Foundations Workshop V, 1992
Further reading
editFor more information on Misuse Detection, including papers written on the subject, consider the following:
- Misuse Detection Concepts and Algorithms - article by the IR Lab at IIT.