When gossip is good: distributed probabilistic inference for detection of slow network intrusions

Authors: John Mark Agosta, Denver Dash, Abraham Bachrach, Eve Schooler, Jaideep Chandrashekar

Abstract: Intrusion attempts due to self-propagating code are becoming an increasingly urgent problem, in part because of the homogeneous makeup of the internet. Recent advances in anomaly-based intrusion detection systems (IDSs) have made use of the quickly spreading nature of these attacks to identify them with high sensitivity and at low false positive (FP) rates. However, slowly propagating attacks are much more difficult to detect because they are cloaked under the veil of normal network traffic, yet they can be just as dangerous because of their exponential spread pattern. We extend the idea of using collaborative IDSs to corroborate the likelihood of an attack by imbuing end hosts with probabilistic graphical models and random messaging to gossip state among peer detectors. We show that such a system is able to boost a weak anomaly detector D to detect an order-of-magnitude slower worm, at rates of less than a few per week, than would be possible with D alone at an end host or on an aggregation point. We show that this general architecture is scalable in the sense that a fixed absolute rate is achieved as the network size grows, that it spreads communication bandwidth uniformly throughout the network, and that it makes use of the increased computation power of a distributed system. We argue that it provides more robust detections than previous counting schemes and allows heterogeneous detectors to be accounted for in a principled fashion.
