Is Host-Based Anomaly Detection + Temporal Correlation = Worm Causality?

Authors: Michael K. Reiter, Vyas Sekar, Hui Zhang, Yinglian Xie

DOI:

Keywords:

Abstract: Epidemic-spreading attacks (e.g., worm and botnet propagation) have a natural notion of attack causality: a single network flow causes a victim host to get infected and subsequently spread the attack. This paper is motivated by a simple question regarding the diagnosis of such attacks: is it possible to establish attack causality through network-level monitoring, without relying on signatures or attack-specific properties? Using the observation that the communication patterns of normal hosts are sparse, we posit the hypothesis that it is feasible to uncover attack causality through a combination of host-based anomaly detection and temporal correlation of events. The contribution of this paper is a systematic exploration of this hypothesis over a spectrum of attack properties and system design options. Our analysis, trace-driven experiments, and a real prototype-based study suggest that attack causality can be established accurately using event correlation in enterprise environments with tens of thousands of hosts.

References (24)
Dominic G. Lucchetti, Peter M. Chen, Zhuoqing Morley Mao, Samuel T. King, Enriching Intrusion Alerts Through Multi-Host Causality. Network and Distributed System Security Symposium (2005).
Brad Karp, Hyang-Ah Kim, Autograph: Toward Automated, Distributed Worm Signature Detection. USENIX Security Symposium, pp. 19-19 (2004).
John G. Aiken, Daniel R. Ellis, Paul G. Amman, David R. Keppler, Adam M. McLeod, Graph-based Worm Detection On Operational Enterprise Networks (April 2006).
Vern Paxson, Yin Zhang, Detecting Stepping Stones. USENIX Security Symposium, pp. 13-13 (2000).
Paul C. van Oorschot, Evangelos Kranakis, David Whyte, DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (2005).
William Aiello, Patrick D. McDaniel, Jacobus E. van der Merwe, Oliver Spatscheck, Subhabrata Sen, Charles R. Kalmanek, Enterprise Security: A Community of Interest Based Approach. Network and Distributed System Security Symposium (2006).
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Stuart E. Schechter, Jaeyeon Jung, Arthur W. Berger, Fast Detection of Scanning Worm Infections. Recent Advances in Intrusion Detection, pp. 59-81 (2004), doi:10.1007/978-3-540-30143-1_4.
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference, pp. 229-238 (1999).