Title
Locality-Based Profile Analysis For Secondary Intrusion Detection
Abstract
While a firewall at the perimeter of a local network provides the first line of defense against attackers, many intrusion incidents result from successful penetration of the firewall. The compromise of one computer puts the entire network at risk. We propose a distributed personal Intrusion Detection System (IDS) that provides local anomaly detection as well as centralized traffic analysis. The system first builds profiles for normal network activity and then labels as suspicious any events that deviate from the normal profiles. The normal profiles are based on variations in connection-based behavior at each individual host. Deviations at each host are recorded using a local weight assignment scheme and then further processed by the central analyzer to build a weighted link graph representing the overall network abnormality. As local networks become more vulnerable to inside attack, our system reinforces security to prevent corruption from the inside. © 2005 IEEE.
Publication Date
12-1-2005
Publication Title
Proceedings of the International Symposium on Parallel Architectures, Algorithms and Networks, I-SPAN
Volume
2005
Number of Pages
166-171
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
DOI Link
https://doi.org/10.1109/ISPAN.2005.56
Copyright Status
Unknown
Scopus ID
33846998595 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/33846998595
STARS Citation
Zhou, Mian; Lee, Robert; and Lang, Sheau Dong, "Locality-Based Profile Analysis For Secondary Intrusion Detection" (2005). Scopus Export 2000s. 3231.
https://stars.library.ucf.edu/scopus2000/3231