Dependency-based distributed intrusion detection

Authors: Karen Sollins, Dah-Yoh Lim, Ji Li

Abstract: Distributed network intrusion detection has attracted much attention recently. Our main focus in this work is on zero-day, slow-scanning worms, for which no signatures yet exist. We organize end hosts into regions based on knowledge that we posit is positively correlated with the dependency structure among hosts. Leveraging this organization, we apply different techniques within and across regions: a hidden Markov model (HMM) within each region to capture the dependency among its hosts, and sequential hypothesis testing (SHT) globally to take advantage of the independence between regions. We conduct experiments on DETER, and preliminary results show an improvement in detection effectiveness and a reduction in communication overhead.