https://scholars.lib.ntu.edu.tw/handle/123456789/456090
標題: | Behavior profiling for robust anomaly detection | 作者: | Hsiao, S.-W. YEALI SUN Chen, M.C. Zhang, H. |
關鍵字: | Anomaly detection; Attack accessment; Behavioral analysis; Finite state machine; Netwrok service | 公開日期: | 2010 | 起(迄)頁: | 465-471 | 來源出版物: | 2010 IEEE International Conference on Wireless Communications, Networking and Information Security, WCNIS 2010 | 摘要: | Internet attacks are evolving using evasion techniques such as polymorphism and stealth scanning. Conventional detection systems using signature-based and/or rule-based anomaly detection techniques no longer suffice. It is difficult to predict what form the next malware attack will take and these pose a great challenge to the design of a robust intrusion detection system. We focus on the anomalous behavioral characteristics between attack and victim when they undergo sequences of compromising actions and that are inherent to the classes of vulnerability-exploit attacks. A new approach, Gestalt, is proposed to statefully capture and monitor activities between hosts and progressively assess possible network anomalies by multilevel behavior tracking, cross-level triggering and correlation, and a probabilistic inference model is proposed for intrusion assessment and detection. Such multilevel design provides a collective perspective to reveal more anomalies than individual levels. We show that Gestalt is robust and effective in detecting polymorphic, stealthy variants of known attacks. ©2010 IEEE. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/456090 | DOI: | 10.1109/WCINS.2010.5541822 | SDG/關鍵字: | Anomaly detection; Attack accessment; Behavioral analysis; Finite state machines; Netwrok service; Computer crime; Contour followers; Wireless networks; Wireless telecommunication systems; Intrusion detection |
顯示於: | 資訊管理學系 |
在 IR 系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。