Misuse detection actively works against potential
insider threat
A threat is a communication of intent to inflict harm or loss on another person. Intimidation is a tactic used between conflicting parties to make the other timid or psychologically insecure for coercion or control. The act of intimidation for co ...
s to
vulnerable computer
data.
Misuse
Misuse detection is an approach to detecting
computer attacks
A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
. In a misuse detection approach, abnormal system behaviour is defined first, and then all other behaviour is defined as normal. It stands against the
anomaly detection approach which utilizes the reverse: defining normal system behaviour first and defining all other behaviour as abnormal.
With misuse detection, anything not known is normal. An example of misuse detection is the use of attack signatures in an
intrusion detection system. Misuse detection has also been used more generally to refer to all kinds of computer misuse.
[Helman, Paul, Liepins, Gunar, and Richards, Wynette, "Foundations of Intrusion Detection," The IEEE Computer Security Foundations Workshop V, 1992]
Theory
In theory, misuse detection assumes that abnormal behaviour has a simple-to-define model. Its advantage is the simplicity of adding known attacks to the model. Its disadvantage is its inability to recognize unknown attacks.
References
{{reflist
Further reading
For more information on Misuse Detection, including papers written on the subject, consider the following:
Misuse Detection Concepts and Algorithms- article by the IR Lab at IIT.
Data security