LISA 2002 - Technical Program Abstract
Network-based Intrusion Detection - Modeling for a Larger Picture
Atsushi Totsuka - Tohoku University Hidenari Ohwada - NTT, Tokyo Nobuhisa Fujita - Tohoku University Debasish Chakraborty - Tohoku University Glenn Mansfield Keeni - Cyber Solutions, Inc.
Norio Shiratori - Tohoku University
Pp. 227-232 of the Proceedings of LISA '02:
Sixteenth Systems Administration Conference,
USENIX Association, 2002).
The Internet is changing computing more than ever before. As the
possibilities and the scopes are limitless, so too are the risks and
chances of malicious intrusions. Due to the increased connectivity and
the vast spectrum of financial possibilities, more and more systems
are subject to attack by intruders. One of the commonly used method
for intrusion detection is based on anomaly. Network based attacks may
occur at various levels, from application to link levels. So the
number of potential attackers or intruders are extremely large and
thus it is almost impossible to ``profile'' entities and detect
intrusions based on anomalies in host-based profiles. Based on meta-information, logical groupings has been made for the alerts that
belongs to same logical network, to get a clearer and boarder view of
the perpetrators. To reduce the effect of probably insignificant
alerts a threshold technique is used.
- View the full text of this paper in
PDF, and Postscript. Until November 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.