Locality-Based Server Profiling for Intrusion Detection

Authors:
Robert Lee;Sheau-Dong Lang
Affiliations:
School of Electrical Engineering and Computer Science, University of Central Florida, Orlando, U.S.A. 32816;School of Electrical Engineering and Computer Science, University of Central Florida, Orlando, U.S.A. 32816
Venue:
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Year:
2008

Citing 6
Cited 0

Throttling Viruses: Restricting propagation to defeat malicious mobile code

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Designing a Framework for Active Worm Detection on Global Networks

IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
An immunological model of distributed detection and its application to computer security

An immunological model of distributed detection and its application to computer security
Locality: a new paradigm for thinking about normal behavior and outsider threat

Proceedings of the 2003 workshop on New security paradigms
Locality-based Profile Analysis for Secondary Intrusion Detection

ISPAN '05 Proceedings of the 8th International Symposium on Parallel Architectures,Algorithms and Networks
A Multi-Resolution Approach forWorm Detection and Containment

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detection of intrusion on network servers plays an ever more important role in network security. This paper investigates whether analysis of incoming connection behavior for properties of locality can be used to create a normal profile for network servers. Intrusions can then be detected due to their abnormal behavior. Experiments show that connections to a typical network server do in fact exhibit locality, and attacks can be detected through their violation of locality.