Impact of IT Monoculture on Behavioral End Host Intrusion Detection


Executive Summary

In this paper, the authors study how today's IT policies, which are defined using a monoculture approach, affect the performance of end host anomaly detectors. This approach leads to the uniform configuration of Host Intrusion Detection Systems (HIDS) across all hosts in an enterprise network. The authors assess the performance impact this policy has from the individual's point of view by analyzing network traces collected from 350 enterprise users. They uncover a great deal of diversity in the user population in terms of "tail" behavior, i.e., the component that matters for anomaly detection systems.

  • Format: PDF
  • Size: 312.3 KB