Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F14%3A00073230" target="_blank" >RIV/00216224:14610/14:00073230 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-662-43862-6_19" target="_blank" >http://dx.doi.org/10.1007/978-3-662-43862-6_19</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-662-43862-6_19" target="_blank" >10.1007/978-3-662-43862-6_19</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches

Popis výsledku v původním jazyce

The rapid development of network technologies entails an increase in traffic volume and attack count. The associated increase in computational complexity for methods of deep packet inspection has driven the development of behavioral detection methods. These methods distinguish attackers from valid users by measuring how closely their behavior resembles known anomalous behavior. In real-life deployment, an attacker is flagged only on very close resemblance to avoid false positives. However, many attackscan then go undetected. We believe that this problem can be solved by using more detection methods and then correlating their results. These methods can be set to higher sensitivity, and false positives are then reduced by accepting only attacks reportedfrom more sources. To this end we propose a novel sketch-based method that can detect attackers using a correlation of particular anomaly detections.

Název v anglickém jazyce

Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches

Popis výsledku anglicky

The rapid development of network technologies entails an increase in traffic volume and attack count. The associated increase in computational complexity for methods of deep packet inspection has driven the development of behavioral detection methods. These methods distinguish attackers from valid users by measuring how closely their behavior resembles known anomalous behavior. In real-life deployment, an attacker is flagged only on very close resemblance to avoid false positives. However, many attackscan then go undetected. We believe that this problem can be solved by using more detection methods and then correlating their results. These methods can be set to higher sensitivity, and false positives are then reduced by accepting only attacks reportedfrom more sources. To this end we propose a novel sketch-based method that can detect attackers using a correlation of particular anomaly detections.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/VF20132015031" target="_blank" >VF20132015031: Bezpečnost optických prvků v datových a komunikačních sítích</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Monitoring and Securing Virtualized Networks and Services, Lecture Notes in Computer Science, Vol. 8508

ISBN

9783662438619

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

13

Strana od-do

160-172

Název nakladatele

Springer Berlin Heidelberg

Místo vydání

Berlin

Místo konání akce

Brno, Masarykova univerzita

Datum konání akce

1. 1. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000347615900019