Network-based Intrusion detection - Modeling for a larger picture

Atsushi Totsuka; Hidenari Ohwada; Nobuhisa Fujita; Debasish Chakraborty; Glenn Mansfield Keeni; Norio Shiratori

Network-based Intrusion detection - Modeling for a larger picture

Atsushi Totsuka, Hidenari Ohwada, Nobuhisa Fujita, Debasish Chakraborty, Glenn Mansfield Keeni, Norio Shiratori

IMRAM - Division of Inorganic Material Research

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Internet is changing computing more than ever before. As the possibilities and the scopes are limitless, so too are the risks and chances of malicious intrusions. Due to the increased connectivity and the vast spectrum of financial possibilities, more and more systems are subject to attack by intruders. One of the commonly used method for intrusion detection is based on anomaly. Network based attacks may occur at various levels, from application to link levels. So the number of potential attackers or intruders are extremely large and thus it is almost impossible to ''profile'' entities and detect intrusions based on anomalies in host-based profiles. Based on meta-information, logical groupings has been made for the alerts that belongs to same logical network, to get a clearer and boarder view of the perpetrators. To reduce the effect of probably insignificant alerts a threshold technique is used.

Original language	English
Title of host publication	Proceedings of the 16th Conference on Systems Administration, LISA 2002
Publisher	USENIX Association
Pages	227-232
Number of pages	6
ISBN (Electronic)	193197103X, 9781931971034
Publication status	Published - 2002
Event	16th Systems Administration Conference, LISA 2002 - Philadelphia, United States Duration: 2002 Nov 3 → 2002 Nov 8

Publication series

Name	Proceedings of the 16th Conference on Systems Administration, LISA 2002

Conference

Conference	16th Systems Administration Conference, LISA 2002
Country/Territory	United States
City	Philadelphia
Period	02/11/3 → 02/11/8

Cite this

@inproceedings{c4860bae24c3464dbe275f353f1bbf64,

title = "Network-based Intrusion detection - Modeling for a larger picture",

abstract = "The Internet is changing computing more than ever before. As the possibilities and the scopes are limitless, so too are the risks and chances of malicious intrusions. Due to the increased connectivity and the vast spectrum of financial possibilities, more and more systems are subject to attack by intruders. One of the commonly used method for intrusion detection is based on anomaly. Network based attacks may occur at various levels, from application to link levels. So the number of potential attackers or intruders are extremely large and thus it is almost impossible to ''profile'' entities and detect intrusions based on anomalies in host-based profiles. Based on meta-information, logical groupings has been made for the alerts that belongs to same logical network, to get a clearer and boarder view of the perpetrators. To reduce the effect of probably insignificant alerts a threshold technique is used.",

author = "Atsushi Totsuka and Hidenari Ohwada and Nobuhisa Fujita and Debasish Chakraborty and Keeni, {Glenn Mansfield} and Norio Shiratori",

note = "Publisher Copyright: {\textcopyright} Proceedings of the 16th Conference on Systems Administration, LISA 2002. All rights reserved.; 16th Systems Administration Conference, LISA 2002 ; Conference date: 03-11-2002 Through 08-11-2002",

year = "2002",

language = "English",

series = "Proceedings of the 16th Conference on Systems Administration, LISA 2002",

publisher = "USENIX Association",

pages = "227--232",

booktitle = "Proceedings of the 16th Conference on Systems Administration, LISA 2002",

}

Totsuka, A, Ohwada, H, Fujita, N, Chakraborty, D, Keeni, GM & Shiratori, N 2002, Network-based Intrusion detection - Modeling for a larger picture. in Proceedings of the 16th Conference on Systems Administration, LISA 2002. Proceedings of the 16th Conference on Systems Administration, LISA 2002, USENIX Association, pp. 227-232, 16th Systems Administration Conference, LISA 2002, Philadelphia, United States, 02/11/3.

Network-based Intrusion detection - Modeling for a larger picture. / Totsuka, Atsushi; Ohwada, Hidenari; Fujita, Nobuhisa et al.
Proceedings of the 16th Conference on Systems Administration, LISA 2002. USENIX Association, 2002. p. 227-232 (Proceedings of the 16th Conference on Systems Administration, LISA 2002).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Network-based Intrusion detection - Modeling for a larger picture

AU - Totsuka, Atsushi

AU - Ohwada, Hidenari

AU - Fujita, Nobuhisa

AU - Chakraborty, Debasish

AU - Keeni, Glenn Mansfield

AU - Shiratori, Norio

PY - 2002

Y1 - 2002

N2 - The Internet is changing computing more than ever before. As the possibilities and the scopes are limitless, so too are the risks and chances of malicious intrusions. Due to the increased connectivity and the vast spectrum of financial possibilities, more and more systems are subject to attack by intruders. One of the commonly used method for intrusion detection is based on anomaly. Network based attacks may occur at various levels, from application to link levels. So the number of potential attackers or intruders are extremely large and thus it is almost impossible to ''profile'' entities and detect intrusions based on anomalies in host-based profiles. Based on meta-information, logical groupings has been made for the alerts that belongs to same logical network, to get a clearer and boarder view of the perpetrators. To reduce the effect of probably insignificant alerts a threshold technique is used.

AB - The Internet is changing computing more than ever before. As the possibilities and the scopes are limitless, so too are the risks and chances of malicious intrusions. Due to the increased connectivity and the vast spectrum of financial possibilities, more and more systems are subject to attack by intruders. One of the commonly used method for intrusion detection is based on anomaly. Network based attacks may occur at various levels, from application to link levels. So the number of potential attackers or intruders are extremely large and thus it is almost impossible to ''profile'' entities and detect intrusions based on anomalies in host-based profiles. Based on meta-information, logical groupings has been made for the alerts that belongs to same logical network, to get a clearer and boarder view of the perpetrators. To reduce the effect of probably insignificant alerts a threshold technique is used.

UR - http://www.scopus.com/inward/record.url?scp=85094558031&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85094558031&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85094558031

T3 - Proceedings of the 16th Conference on Systems Administration, LISA 2002

SP - 227

EP - 232

BT - Proceedings of the 16th Conference on Systems Administration, LISA 2002

PB - USENIX Association

T2 - 16th Systems Administration Conference, LISA 2002

Y2 - 3 November 2002 through 8 November 2002

ER -

Network-based Intrusion detection - Modeling for a larger picture

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this