A discussion on “Detection of intrusions in information systems by sequential change-point methods” by Tartakovsky, Rozovskii, Blažek, and Kim. (English) Zbl 1248.94028

Summary: The discussion focuses on issues arising in practical applications of the CUSUM procedures developed by A. G. Tartakovsky et al. [ibid. 3, No. 3, 252–293 (2006; Zbl 1248.94032)] to detect changes in multichannel sensor systems. These issues are illustrated with a data set from the MIT Lincoln Laboratory that is used to estimate the parameters of procedures for detecting denial-of-service attacks.

MSC:

94A13 Detection theory in information and communication theory
68M10 Network design and communication in computer systems
90B18 Communication networks in operations research
62P30 Applications of statistics in engineering and industry; control charts
94A40 Channel models (including quantum) in information and communication theory

Citations:

Zbl 1248.94032
