Detecting and displaying novel computer attacks with Macroscope
نویسندگان
چکیده
Opinions, interpretations, conclusions, and recommendations are those of the authors and are not necessarily endorsed by the United States Air Force. Abstract-Macroscope is a network-based intrusion detection system that uses Bottleneck Verification to detect user-to-superuser attacks. Bottleneck Verification (BV) detects novel computer attacks by looking for users performing high privilege operations without passing through legal " bottleneck " checkpoints that grant those privileges. Macroscope's BV implementation models many common Unix commands, and has extensions to detect intrusions that exploit trust relationships, as well as previously installed Trojan programs. Bottleneck Verification performs at a false alarm rate more than two orders of magnitude lower than a reference signature verification system, while simultaneously increasing the detection rate from roughly 20% to 80% of user-to-super-user attacks.
منابع مشابه
A Novel Hybrid Approach for Email Spam Detection based on Scatter Search Algorithm and K-Nearest Neighbors
Because cyberspace and Internet predominate in the life of users, in addition to business opportunities and time reductions, threats like information theft, penetration into systems, etc. are included in the field of hardware and software. Security is the top priority to prevent a cyber-attack that users should initially be detecting the type of attacks because virtual environments are not moni...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاملIntrusion Detection based on a Novel Hybrid Learning Approach
Information security and Intrusion Detection System (IDS) plays a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...
متن کاملA Novel Trust Management Model in the Social Internet of Things
The Internet of Things (IoT) and social networking integration, create a new concept named Social Internet of Things (SIoT) according to which the things are able to autonomously establish social relationships with regard to the owners. Things in SIoT operate according to a service-oriented architecture. There may be misbehaving owners and consequently misbehaving devices that can perform harmf...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEEE Trans. Systems, Man, and Cybernetics, Part A
دوره 31 شماره
صفحات -
تاریخ انتشار 2001