Abstract
Slow, suspicious and increasingly sophisticated malicious activities on modern networks are extremely hard to detect. Attacker tactics such as source collusion and source address spoofing are common, so effective attribution of attacks is a real challenge. To address this, we propose an approach that uses the destination information of activities together with a data fusion technique that combines the output of several information sources into a single profile score. The main contribution of the paper is a radical shift in the focus of analysis, from the source of activity to its target. Experimental results show promise for target-centric monitoring that does not have to rely on possible source aggregation.
© 2013 Springer-Verlag Berlin Heidelberg
Kalutarage, H.K., Shaikh, S.A., Zhou, Q., James, A.E. (2013). Monitoring for Slow Suspicious Activities Using a Target Centric Approach. In: Bagchi, A., Ray, I. (eds) Information Systems Security. ICISS 2013. Lecture Notes in Computer Science, vol 8303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45204-8_12
DOI: https://doi.org/10.1007/978-3-642-45204-8_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45203-1
Online ISBN: 978-3-642-45204-8
eBook Packages: Computer Science (R0)