A tutorial on hidden Markov models and selected applications in speech recognition. Readings in speech recognition.
Bro: a system for detecting network intruders in real-time. Computer Networks: The International Journal of Computer and Telecommunications Networking.
How to Own the Internet in Your Spare Time. Proceedings of the 11th USENIX Security Symposium.
Designing for scale and differentiation. FDNA '03: Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture.
Snort - Lightweight Intrusion Detection for Networks. LISA '99: Proceedings of the 13th USENIX conference on System administration.
Implementing aggregation and broadcast over Distributed Hash Tables. ACM SIGCOMM Computer Communication Review.
Host-based detection of worms through peer-to-peer cooperation. Proceedings of the 2005 ACM workshop on Rapid malcode.
Towards Automatic Generation of Vulnerability-Based Signatures. SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy.
A distributed host-based worm detection system. Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense.
An adaptive anomaly detector for worm detection. SYSML '07: Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques.
When gossip is good: distributed probabilistic inference for detection of slow network intrusions. AAAI '06: Proceedings of the 21st national conference on Artificial intelligence - Volume 2.
International Journal of Sensor Networks.
A model for detecting "global footprint anomalies" in a grid environment. PAISI '10: Proceedings of the 2010 Pacific Asia conference on Intelligence and Security Informatics.
Distributed network intrusion detection has attracted much attention recently. Our main focus in this work is on zero-day, slow-scanning worms, for which no signatures yet exist. We organize end hosts into regions based on network knowledge, which we posit is positively correlated with the dependency structure among hosts. Leveraging this organization, we apply different intrusion detection techniques within and across regions: a hidden Markov model (HMM) within a region captures the dependency among its hosts, while sequential hypothesis testing (SHT) applied globally takes advantage of the independence between regions. We conduct experiments on DETER, and preliminary results show improved detection effectiveness and reduced communication overhead.