Detecting Exploit Patterns from Network Flow Streams

Authors

  • Bibudh Lahiri
  • Srikanta Tirthapura
Abstract

An Intrusion Detection System (IDS) is a piece of software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and disabling computer systems through a network such as the Internet. Network-based Intrusion Detection Systems (NIDS) try to detect malicious activities by monitoring network traffic. Research on network traffic measurement has identified various patterns that the typical exploits on today’s Internet exhibit. The goal of our research is to devise single-pass (online) data stream algorithms for detecting these patterns from network traffic flow data, using a workspace that is much smaller than the size of the traffic flow. We aim to design algorithms with a provable guarantee on the space and time requirements and the degree of approximation in the estimates returned.


Similar resources

Patterns of flow evolution in the central area of the Romanian Plain, Case study: the Calnistea Catchment (Romania)

This paper seeks to emphasize the flow variability in the Calnistea catchment by analyzing the local physiographic factors. The research has shown that the amount of precipitation that falls to the ground is low, the rocks in the region are soft, but highly permeable, gradients are gentle in most of the territory and vegetal cover is sparse and therefore cannot hold important amounts of water. ...


Detecting Privilege-Escalating Executable Exploits

The Lincoln Laboratory Malicious Code Detector (LIMACODE) is a system for statically detecting privilege-escalating exploits in data streams, such as files and network traffic. LIMACODE operates as follows: it scans data streams, identifies the language of the stream, then extracts language-specific features for input to a feed-forward neural network classifier which labels the stream as either...


Real-Time End-to-End Action Detection with Two-Stream Networks

Two-stream networks have been very successful for solving the problem of action detection. However, prior work using two-stream networks train both streams separately, which prevents the network from exploiting regularities between the two streams. Moreover, unlike the visual stream, the dominant forms of optical flow computation typically do not maximally exploit GPU parallelism. We present a ...


Adaptive Thresholds: Monitoring Streams of Network Counts Online

This paper describes a fast, statistically principled method for monitoring streams of network counts, which have long-term trends, rough cyclical patterns, outliers and missing data. The key step is to build a reference (predictive) model for the counts that captures their complex, salient features but has just a few parameters that can be kept up-to-date as the counts flow by, without requiri...


Adaptive Thresholds: Monitoring Streams of Network Counts

This article describes a fast, statistically principled method for monitoring streams of network counts, which have long-term trends, rough cyclical patterns, outliers, and missing data. The key step is to build a reference (predictive) model for the counts that captures their complex, salient features but has just a few parameters that can be kept up-to-date as the counts flow by, without requ...


Publication date: 2008