DOI: 10.1145/1501434.1501515
research-article

Design and implementation of a behavioral difference analyzer for network intrusion detection

Published: 30 October 2006

Abstract

This paper discusses the use of diversity and redundancy techniques for network intrusion detection, and explains the design and implementation of a Behavioral Difference Analyzer to examine behavioral disparity of two heterogeneous network servers under normal and compromised conditions. The challenges of differential intrusion detection are explained, and solutions and algorithms for carrying out differential analysis are proposed.

    Published In

    PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
    October 2006
    389 pages
    ISBN:1595936041
    DOI:10.1145/1501434
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. differential analyzer
    2. diversity
    3. intrusion detection
    4. network security

    Qualifiers

    • Research-article

    Conference

    PST06
    PST06: International Conference on Privacy, Security and Trust
    October 30 - November 1, 2006
    Ontario, Markham, Canada
