8. Misuse Detection Methods & System

Method | System
Rule-based Languages | RUSSEL, P-BEST
State Transition Analysis | STAT family (STAT, USTAT, NSTAT, NetSTAT)
Colored Petri Automata | IDIOT
Expert System | IDES, NIDX, P-BEST, ISOA
Case-Based Reasoning | AUTOGUARD
9.
10.
11.
12. Misuse Detection vs. Anomaly Detection

Approach | Advantage | Disadvantage
Misuse Detection | Accurate, and generates far fewer false alarms | Cannot detect novel or unknown attacks
Anomaly Detection | Is able to detect unknown attacks based on audit | High false-alarm rate, and limited by training data
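
The trade-off in the comparison above, as an added example that is not part of the original slides: a signature-based (misuse) detector and a statistical (anomaly) detector run over the same audit records. The signatures, training data, records and threshold are all constructed for illustration.

```python
import re
from statistics import mean, stdev

# Constructed signatures (illustrative, not taken from any real rule set).
SIGNATURES = {
    "shadow-read": re.compile(r"/etc/shadow"),
    "log-wipe": re.compile(r"rm\s+.*?/var/log"),
}

# Constructed training audit data: bytes sent per session during normal use.
TRAINING_BYTES = [1200, 900, 1500, 1100, 1300, 1000, 1400, 950]

def misuse_detect(record):
    """Return the names of known-attack signatures that match the command."""
    return [name for name, rx in SIGNATURES.items() if rx.search(record["cmd"])]

def build_profile(samples):
    """Learn the normal profile (mean, standard deviation) from training data."""
    return mean(samples), stdev(samples)

def anomaly_detect(record, profile, threshold=3.0):
    """Flag the record when bytes_out lies more than `threshold` sigmas from normal."""
    mu, sigma = profile
    return abs(record["bytes_out"] - mu) / sigma > threshold

# Constructed audit records with ground-truth labels.
RECORDS = [
    {"cmd": "cat /etc/shadow", "bytes_out": 1100, "attack": True},   # known attack
    {"cmd": "scp customers.db backup-host:", "bytes_out": 90000, "attack": True},  # no signature
    {"cmd": "rsync -a /home nightly-backup:", "bytes_out": 85000, "attack": False},  # benign, unusual
    {"cmd": "ls -l", "bytes_out": 1000, "attack": False},            # ordinary activity
]

def evaluate(records):
    """Return (cmd, is_attack, misuse_alert, anomaly_alert) for each record."""
    profile = build_profile(TRAINING_BYTES)
    return [
        (r["cmd"], r["attack"], bool(misuse_detect(r)), anomaly_detect(r, profile))
        for r in records
    ]

if __name__ == "__main__":
    for cmd, attack, misuse, anomaly in evaluate(RECORDS):
        print(f"{cmd!r:40} attack={attack!s:5} misuse={misuse!s:5} anomaly={anomaly}")
```

The second record is an attack the misuse detector misses because no signature exists for it, while the third is a legitimate job that the anomaly detector reports as a false alarm.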