Multi-paradigm frameworks for scalable intrusion detection

Author: Benjamin David Uphoff

DOI: 10.31274/RTD-180813-16509

Abstract: Research in network security and intrusion detection systems (IDSs) has typically focused on small or artificial data sets. Tools are developed that work well on these sets but have trouble meeting the demands of real-world, large-scale environments. In addressing this problem, improvements must be made to the foundations of these systems, including information management, IDS accuracy, and alert volume. We address information management by presenting a database mediator system that provides single-query access via a domain-specific language. Results are returned in the form of XML using web services, allowing analysts from remote networks to access them in a uniform manner. The system is also scalable, with a capture log for multi-terabyte datasets. Next, we build an agent-based framework that utilizes web services to make it easy to deploy agents capable of spanning boundaries. Agents process alerts and are managed by a central broker. The broker can define processing hierarchies by assigning dependencies between agents to achieve scalability. This is used for the task of event correlation, gathering information relevant to each alert. Lastly, we address alert volume with an approach to correlation that is independent. Using correlated events gathered by our agent framework, we build a feature vector for each alert representing the traffic profile of an internal host at the time of the alert. This serves as a statistical fingerprint for a clustering algorithm that groups related alerts. We analyze the results with a combination of expert evaluation and selection.
