ACM Transactions on Information and System Security (TISSEC)
AudES - An Expert System for Security Auditing
IAAI '90 Proceedings of the The Second Conference on Innovative Applications of Artificial Intelligence
Statistical Traffic Modeling for Network Intrusion Detection
MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Unsupervised anomaly detection in network intrusion detection using clusters
ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
The authentication logs on a network can provide a trove of information for discovering potential anomalies in login attempts. Using such logs collected by a production Virtual Private Network device over a period of 15 months, we generate a diurnal model of network accesses. These models are used to detect anomalous authentications, which merit further investigation by a security analyst. We intend that this work will dramatically reduce the amount time spent by analysts identifying anomalous events and allow them to focus on in-depth analysis of these anomalies. Our work makes two contributions: a novel approach of mining authentication data, and the use of geographic distance as a metric to evaluate Virtual Private Network connections. We demonstrate the success of our model using real-world case analysis.