Misuse Detection
Misuse detection actively works against potential insider threats to vulnerable company data.
Misuse
Misuse detection is an approach to detecting attacks. In the misuse detection approach, we first define abnormal system behaviour and then treat any other behaviour as normal. It stands in contrast to the anomaly detection approach, which does the reverse: it defines normal system behaviour and treats any other behaviour as abnormal.
In other words, anything we don't know is normal. Using attack signatures in IDSes is an example of this approach.
Misuse detection has also been used to refer to all kinds of computer misuse. See Intrusion detection.
Theory
In theory, misuse detection assumes that abnormal behaviour and activity has a simple-to-define model. Its advantage is the simplicity of adding known attacks to the model. Its disadvantage is its inability to recognize unknown attacks.
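The contrast between the two approaches, as an added example that is not part of the original article: a misuse detector and an anomaly detector run over the same constructed request lines. The signatures, the baseline patterns, the sample requests and all function names are assumptions made for illustration.

```python
import re

# Misuse model: what is defined as abnormal (constructed signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)\bunion\s+select\b"),
}

# Anomaly model: what is defined as normal (constructed baseline).
NORMAL = [
    re.compile(r"^GET /(index|about)\.html$"),
    re.compile(r"^GET /products\?id=\d+$"),
]

def misuse_detect(event):
    """Names of matching signatures; an empty list means 'normal'."""
    return [name for name, rx in SIGNATURES.items() if rx.search(event)]

def anomaly_detect(event):
    """True when the event matches nothing in the normal baseline."""
    return not any(rx.search(event) for rx in NORMAL)

def add_signature(name, pattern):
    """Adding a newly known attack to the misuse model is one entry."""
    SIGNATURES[name] = re.compile(pattern)

# Constructed sample requests, not taken from any real log.
EVENTS = [
    "GET /index.html",
    "GET /products?id=42",
    "GET /download?file=../../etc/passwd",
    "GET /products?id=1 UNION SELECT name FROM users",
    "GET /export?table=customers&format=csv",  # no signature exists yet
    "GET /contact.html",  # benign, but absent from the baseline
]

def classify(events):
    """(event, misuse hits, anomaly verdict) for each event."""
    return [(e, misuse_detect(e), anomaly_detect(e)) for e in events]

if __name__ == "__main__":
    for event, hits, abnormal in classify(EVENTS):
        print(f"{event!r:55} misuse={hits or 'normal'} anomaly={abnormal}")
    add_signature("bulk-export", r"/export\?table=")
    print(misuse_detect(EVENTS[4]))  # now reported by the misuse model
```

The export request passes the misuse detector as normal until a signature for it is added, while the anomaly detector flags it from the start and also flags the benign contact page that is missing from its baseline.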
Further reading
For more information on misuse detection, including papers written on the subject, consider the following:
- Misuse Detection Concepts and Algorithms - article by the IR Lab at IIT.