Behavioral Intrusion Detection
نویسنده
چکیده
In this paper we describe anomaly-based intrusion detection as a specialized case of the more general behavior detection problem. We draw concepts from the field of ethology to help us describe and characterize behavior and interactions. We briefly introduce a general framework for behavior detection and an algorithm for building a Markov-based model of behavior. We then apply the framework creating a proof-of-concept intrusion detection system (IDS) that can detect normal and intrusive behavior.
منابع مشابه
Overview of Intrusion Detection Techniques in Database
Data is one of the most valuable assets in today's world and is used in the everyday life of every person and organization. This data stores in a database in order to restore and maintain its efficiently. Since there is a database that can be exploited by SQL injection attacks, internal threats, and unknown threats, there are always concerns about the loss or alteration of data by unauthorized ...
متن کاملPROFIDES - Profile based Intrusion Detection Approach Using Traffic Behavior over Mobile Ad Hoc Network
Intrusion Detection in MANET is one of the major concern in peerto-peer networking scenario where mobile / wireless nodes communicate with each other without any pre-defined infra-structural setup. This paper presents an overview of various intrusion detection models, identifying its issues, discusses on design and proposes an intrusion detection system using profile based traffic behavior scen...
متن کاملLIDS : A Learning Intrusion Detection System
The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. The dexterity of the attackers, the developing technologies and the enormous growth of internet traffic have made it difficult for any existing intrusion detection system to offer a reliable service. However, a close examination of the problem shows that there usually exist...
متن کاملBehavioral Distance for Intrusion Detection
We introduce a notion, behavioral distance, for evaluating the extent to which processes—potentially running different programs and executing on different platforms—behave similarly in response to a common input. We explore behavioral distance as a means to detect an attack on one process that causes its behavior to deviate from that of another. We propose a measure of behavioral distance and a...
متن کاملA Early Detection of Cyber Security Threats using Structured Behavior Modeling
The rapid evolution of network intrusions has rendered traditional Intrusion Detection Systems (IDS) insufficient for cyber attacks such as the Advanced Persistent Threats (APT), which are sophisticated and enduring network intrusion campaigns comprising multiple imperceptible steps of malicious cyber activities. Dealing with such elaborated network intrusions calls for novel and more proactive...
متن کامل