IJPAM: Volume 34, No. 1 (2007)

ON A PROBABILISTIC MODEL
OF INTRUSION DETECTION

Alexander Grusho$^1$, Elena Timonina$^2$,
Zeev (Vladimir) Volkovich$^3$Software Engineering Department, ORT Braude College, P.O. Box 21982, Karmiel, ISRAEL, Zeev Barzily$^4$
$^1$Moscow State University
GSP-2, Leninskie Gory, Moscow, 119992, RUSSIA
e-mail: grusho@yandex.ru
$^2$Russian State University for the Humanities
25 Kirovogradskaya, Moscow, 113534, RUSSIA
e-mail: eltimon@yandex.ru
$^{3,4}$Software Engineering Department
ORT Braude College, P.O. Box 21982, Karmiel, ISRAEL
$^3$e-mail: vlvolkov@ort.org.il
$^4$e-mail: zbarzily@ort.org.il
$^3$Department of Mathematics and Statistics
The University of Maryland
Baltimore County, USA


Abstract.In this paper we consider a probabilistic model of anomaly based intrusion detection systems. The model represents a network-like computer system by events' sequences in an appropriate functional space. This space is a kind of the Tychonoff product space. The model is described by means of a stochastic tree operated in a discrete time mode. Necessary and sufficient conditions for the existence of a strictly consistent sequence, of statistical tests, for unauthorized access detection are revealed. Modifications of these conditions, for the inferences by subsequences, are presented. The paper includes two appropriate examples that exhibit the results obtained.

Received: October 16, 2006

AMS Subject Classification: 62F03, 62F05, 60G20, 62P99

Key Words and Phrases: hypothesis testing, asymptotic properties of tests, generalized stochastic processes

Source: International Journal of Pure and Applied Mathematics
ISSN: 1311-8080
Year: 2007
Volume: 34
Issue: 1