A reasonable definition of intrusion is: entering a community to which one does not belong. This suggests that in a network, intrusion attempts may be detected by looking for communication that does not respect community boundaries. In this paper, we examine the utility of this concept for identifying malicious network sources. In particular, our goal is to explore whether this concept allows a core-network operator using flow data to augment signature-based systems located at network edges. We show that simple measures of communities can be defined for flow data that allow a remarkably effective level of intrusion detection simply by looking for flows that do not respect those communities. We validate our approach using labeled intrusion attempt data collected at a large number of edge networks. Our results suggest that community-based methods can offer an important additional dimension for intrusion detection systems.
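The community-boundary idea from the abstract, as an added illustration rather than the paper's own measure (the abstract does not specify how communities are computed): baseline flow records build communities as connected components of the host graph, and later flows that join a host to a community it was not part of are flagged and the offending sources ranked. All flow records and addresses below are constructed for the example.

```python
from collections import defaultdict

# Constructed baseline flows (src, dst): two separate communities of hosts.
BASELINE_FLOWS = [
    ("10.0.1.5", "10.0.2.10"), ("10.0.1.6", "10.0.2.10"), ("10.0.1.5", "10.0.2.11"),
    ("192.168.5.2", "192.168.6.20"), ("192.168.5.3", "192.168.6.20"),
    ("192.168.5.2", "192.168.6.21"),
]

# Constructed later flows to be scored against the baseline communities.
NEW_FLOWS = [
    ("10.0.1.5", "10.0.2.11"),        # stays inside its own community: no alert
    ("10.0.1.5", "192.168.6.20"),     # crosses into the other community
    ("203.0.113.9", "10.0.2.10"),     # unknown source entering a community
    ("203.0.113.9", "192.168.6.21"),  # same unknown source, second community
    ("203.0.113.9", "198.51.100.7"),  # both hosts unknown: no community to violate
]


def build_communities(flows):
    """Map each baseline host to a community id (union-find over flow endpoints)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for src, dst in flows:
        rs, rd = find(src), find(dst)
        if rs != rd:
            parent[rs] = rd
    return {host: find(host) for host in parent}


def score_flows(communities, flows):
    """Return (src, dst, reason) for flows that do not respect baseline communities."""
    alerts = []
    for src, dst in flows:
        cs, cd = communities.get(src), communities.get(dst)
        if cs is None and cd is not None:
            alerts.append((src, dst, "unknown source entering established community"))
        elif cs is not None and cd is not None and cs != cd:
            alerts.append((src, dst, "flow crosses community boundary"))
    return alerts


def rank_sources(communities, flows):
    """Count distinct baseline communities each source touches; wide reach is suspicious."""
    reach = defaultdict(set)
    for src, dst in flows:
        if dst in communities:
            reach[src].add(communities[dst])
    return {src: len(c) for src, c in reach.items()}
```

Sources touching many communities in a short window are the ones a core-network operator would forward to edge signature systems for confirmation.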