
Misuse detection

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Persian oracle at 12:25, 6 March 2007. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Misuse Detection actively works against potential insider threats to vulnerable company data.

Misuse

Misuse detection is an approach to detecting attacks. In the misuse detection approach, abnormal system behaviour is defined first, and any other behaviour is then treated as normal. It stands in contrast to the anomaly detection approach, which does the reverse: it defines normal system behaviour and treats any other behaviour as abnormal. Insider misuse of technical systems is a growing problem in companies worldwide. In 1996, 62.9 percent of companies reported misuse of computer systems by insiders [1]. The concept of misuse detection is to track computer use within a company and prevent users from compromising critical company data.

Theory

In theory, misuse detection assumes that abnormal behaviour and activity have a simple-to-define model. Its advantage is the simplicity of adding known attacks to the model. Its disadvantage is its inability to recognize unknown attacks.
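The contrast described above can be shown on a handful of audit events. The following is an added example, not part of the original article: the log format, rule names, user names and normal-behaviour profile are all constructed assumptions. It runs a misuse detector (a model of abnormal behaviour) and an anomaly detector (a model of normal behaviour) over the same events, then adds one rule to the misuse model.

```python
import re

# Misuse model: each rule describes one known abnormal behaviour (constructed rules).
MISUSE_RULES = {
    "bulk-export-customer-db": re.compile(
        r"action=export .*resource=customer_db .*rows=\d{5,}"),
    "audit-log-cleared": re.compile(r"action=delete .*resource=audit_log"),
}

# Anomaly model: what each user normally does (constructed baseline).
NORMAL_PROFILE = {
    "alice": {("read", "customer_db"), ("export", "customer_db")},
    "bob": {("read", "wiki"), ("write", "wiki")},
}

# Constructed audit events in a key=value format assumed for this example.
EVENTS = [
    "user=alice action=read resource=customer_db rows=12",
    "user=alice action=export resource=customer_db rows=250000",
    "user=bob action=delete resource=audit_log rows=0",
    "user=bob action=read resource=payroll rows=40",
    "user=bob action=write resource=wiki rows=1",
]

def parse(line):
    """Split 'k=v k=v ...' into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def misuse_detect(line, rules=MISUSE_RULES):
    """Names of the abnormal-behaviour rules that match; no match means 'normal'."""
    return sorted(name for name, rx in rules.items() if rx.search(line))

def anomaly_detect(line, profile=NORMAL_PROFILE):
    """True when the event is outside the user's normal profile."""
    ev = parse(line)
    return (ev["action"], ev["resource"]) not in profile.get(ev["user"], set())

def compare(events=EVENTS, rules=MISUSE_RULES):
    """One (misuse hits, anomaly flag) pair per event."""
    return [(misuse_detect(e, rules), anomaly_detect(e)) for e in events]

def with_rule(name, pattern, rules=MISUSE_RULES):
    """Adding a known attack to the misuse model is a single new entry."""
    return {**rules, name: re.compile(pattern)}

if __name__ == "__main__":
    for event, (hits, odd) in zip(EVENTS, compare()):
        print(f"{event}\n  misuse={hits or 'normal'}  anomaly={odd}")
    extended = with_rule("payroll-read", r"action=read .*resource=payroll")
    print("after adding a rule:", misuse_detect(EVENTS[3], extended))
```

The bulk export is caught only by the misuse rule, because exporting is part of that user's normal profile; the payroll read is caught only by the anomaly model until a rule for it is added.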

Notes

Further Reading

For more information on Misuse Detection, including papers written on the subject, consider the following: