Conference Paper Details
DETER Community Workshop on Cyber Security Experimentation and Test 2007
Dependency-based Distributed Intrusion Detection
Ji Li, Dah-Yoh Lim, Karen Sollins
PID  :  80528
Source: CEUR
【 Abstract 】

Distributed network intrusion detection has attracted much attention recently. Our main focus in this work is on zero-day, slow-scanning worms, of which no existing signatures are available. We organize end hosts into regions based on network knowledge, which we posit is positively correlated to the dependency structure. Leveraging on this organization, we apply different intrusion detection techniques within and across regions. We use a hidden Markov model (HMM) within a region to capture the dependency among hosts, and use sequential hypothesis testing (SHT) globally to take advantage of the independence between regions. We conduct experiments on DETER, and preliminary results show improvement on detection effectiveness and reduction of communication
