Corporations worldwide work with teams of often dedicated system administrators to maintain their networks and to detect and prevent network infringements. This is a highly user-driven process that consumes hundreds (if not thousands) of man-hours yearly. User reporting, the basis of most of these incident detection systems, suffers from various biases and leads to below-par security measures. In this paper, we provide an approach for near-real-time analysis of ongoing events on controlled networks that requires no end-user interaction and saves system administrators' effort. Our proposed solution, ReasONets, a lightweight, distributed system, provides situational awareness in case of network incidents. ReasONets combines aspects of anomaly detection with Case-Based Reasoning (CBR) methodologies to reason about ongoing security events in a network, including their nature, severity and sources. We build a fully running prototype of ReasONets to demonstrate the accuracy of the system in reasoning and inference about the network status by exploiting events and network features. To the best of our knowledge, ReasONets is the first-of-its-kind system combining detection and classification of network events with real-time reasoning while being capable of scaling up to large network sizes.
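To make the abstract's combination of anomaly detection and Case-Based Reasoning concrete, the following is an added illustration written for this page; it is not ReasONets code and does not reproduce the paper's design. It shows the generic CBR cycle (retrieve, reuse, retain) gated by a simple anomaly detector: a z-score deviation from a traffic baseline decides whether an event is worth reasoning about, and the nearest stored incident then supplies a hypothesis for the event's nature, severity and source. The feature names, the baseline statistics, the case base and the threshold are all constructed for the example.

```python
"""Toy anomaly-gated case-based reasoning over network events (added example)."""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Sequence, Tuple

# Hypothetical per-host feature vector; any sensor-exported statistics would do.
FEATURES = ("conn_rate", "unique_dst_ports", "bytes_out_ratio", "failed_auth_rate")


@dataclass(frozen=True)
class Case:
    """One prior incident: its observed features and the analyst's conclusion."""
    features: Tuple[float, ...]
    nature: str
    severity: str
    source: str


# Constructed baseline of normal traffic: per-feature mean and standard deviation.
BASELINE_MEAN = (20.0, 5.0, 0.5, 0.02)
BASELINE_STD = (5.0, 2.0, 0.15, 0.01)

# Constructed case base of hypothetical, analyst-labelled past incidents.
CASE_BASE: List[Case] = [
    Case((400.0, 900.0, 0.40, 0.01), "port scan", "medium", "external"),
    Case((25.0, 4.0, 0.55, 0.60), "brute-force login", "high", "external"),
    Case((30.0, 6.0, 0.95, 0.02), "data exfiltration", "critical", "internal host"),
    Case((250.0, 3.0, 0.30, 0.02), "denial of service", "high", "external"),
]


def zscores(obs: Sequence[float]) -> Tuple[float, ...]:
    """Normalise an observation against the baseline so features are comparable."""
    return tuple((o - m) / s for o, m, s in zip(obs, BASELINE_MEAN, BASELINE_STD))


def anomaly_score(obs: Sequence[float]) -> float:
    """Anomaly detection step: largest absolute deviation from the baseline."""
    return max(abs(z) for z in zscores(obs))


def distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Euclidean distance in z-score space."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def retrieve(obs: Sequence[float], case_base: Sequence[Case]) -> Case:
    """CBR retrieve step: the stored incident most similar to the observation."""
    zo = zscores(obs)
    return min(case_base, key=lambda c: distance(zo, zscores(c.features)))


def reason(obs: Sequence[float], case_base: Sequence[Case] = CASE_BASE,
           threshold: float = 3.0) -> Dict[str, object]:
    """Gate on the anomaly score, then reuse the nearest case as the hypothesis."""
    score = anomaly_score(obs)
    if score < threshold:
        # Within normal variation: no reasoning needed, no analyst interruption.
        return {"anomalous": False, "anomaly_score": score}
    case = retrieve(obs, case_base)
    dist = distance(zscores(obs), zscores(case.features))
    return {
        "anomalous": True,
        "anomaly_score": score,
        "nature": case.nature,
        "severity": case.severity,
        "source": case.source,
        # Similarity in (0, 1]; low values flag a weak match worth analyst review.
        "similarity": 1.0 / (1.0 + dist),
    }


def retain(case_base: List[Case], obs: Sequence[float], nature: str,
           severity: str, source: str) -> List[Case]:
    """CBR retain step: store an analyst-confirmed conclusion as a new case."""
    case_base.append(Case(tuple(obs), nature, severity, source))
    return case_base


if __name__ == "__main__":
    for event in [(22.0, 5.0, 0.50, 0.02),       # looks normal
                  (380.0, 850.0, 0.45, 0.015),   # resembles the stored port scan
                  (24.0, 4.0, 0.50, 0.50)]:      # resembles the brute-force case
        print(dict(zip(FEATURES, event)), "->", reason(event))
```

The gate matters as much as the retrieval: without it, every benign event would be mapped to its nearest incident and the system would reintroduce the false-positive load the abstract sets out to remove. A real deployment would also report the similarity so that weak matches go to an analyst rather than straight into a severity assignment.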