
Dependency-based distributed intrusion detection

By Ji Li, Dah-yoh Lim and Karen Sollins

Abstract

Distributed network intrusion detection has attracted much attention recently. Our main focus in this work is on zero-day, slow-scanning worms, for which no signatures yet exist. We organize end hosts into regions based on network knowledge, which we posit is positively correlated with the dependency structure among hosts. Leveraging this organization, we apply different intrusion detection techniques within and across regions. We use a hidden Markov model (HMM) within a region to capture the dependency among hosts, and use sequential hypothesis testing (SHT) globally to take advantage of the independence between regions. We conduct experiments on DETER, and preliminary results show improved detection effectiveness and reduced communication overhead.

Year: 2007
OAI identifier: oai:CiteSeerX.psu:10.1.1.184.3528
Provided by: CiteSeerX