Detecting exploit patterns from network packet streams

Author: Bibudh Lahiri

DOI: 10.31274/ETD-180810-2263

Keywords:

Abstract: Network-based Intrusion Detection Systems (NIDS), e.g., Snort, Bro or NSM, try to detect malicious network activity such as Denial of Service (DoS) attacks and port scans by monitoring traffic. Research from traffic measurement has identified various patterns that exploits on today's Internet typically exhibit. However, there has not been any significant attempt, so far, to design algorithms with provable guarantees for detecting exploit packets. In this work, we develop and apply data streaming algorithms to packet streams. In intrusion detection, it is necessary to analyze large volumes of data in an online fashion. Our work addresses scalable analysis under the following situations. (1) Attacks can be stealthy in nature, which means that detecting a few covert attackers might call for checking logs spanning days or even months. (2) Traffic is multidimensional, and correlations between multiple dimensions may be important. (3) Sometimes multiple sources may need to be analyzed in a combined manner. We offer bounds on resource consumption and approximation error. Our theoretical results are supported by experiments over real traces and synthetic datasets.
