
Anomaly Detection Using Digital Signature of Network Segment Aiming to Help Network Management

M.L. Proença Júnior, B.B. Zarpelão, L.S. Mendes
2008 Journal of Communication and Information Systems  
The main contributions of this work are: (i) case studies for traffic characterization of network servers using BLGBA model and DSNS; (ii) a model for anomaly detection; (iii) several tests of the model  ...  using real data in four network servers.  ...  In this work, we use the DSNS (Digital Signature of Network Segment) generated by BLGBA (Baseline for Automatic Backbone Management) model for traffic characterization.  ... 
doi:10.14209/jcis.2008.1 fatcat:ftkinjr3sva6hdxly53nrx3ace

Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment

Bruno Bogaz Zarpelão, Leonardo de Souza Mendes, Mario Lemes Proença Jr.
2007 Journal of Network and Systems Management  
This paper proposes a novel anomaly detection system based on the comparison of real traffic and DSNS (Digital Signature of Network Segment), generated by BLGBA model, within a hysteresis interval using  ...  Extensive experimental results on real network servers confirmed that our system is able to detect anomalies on the monitored devices, avoiding the high false alarms rate.  ...  [11] [12], for the calculation of the DSNS (Digital Signature of Network Segment) to detect anomalies as a suggestion to solve this issue.  ... 
doi:10.1007/s10922-007-9064-y fatcat:cbxulkcjrvagdpgxf2c6nz5iyi

Experimental Evaluation of a Hybrid Intrusion Detection System for Cloud Computing

Abdallah Ghourabi, Jouf University, Saudi Arabia
2019 International Journal of Advanced Trends in Computer Science and Engineering  
This leads us to use specific intrusion detectors for each layer. The detection model relies on two techniques: signature-based detection and anomaly-based detection.  ...  The purpose of our approach is to protect the most important layers of the cloud using intrusion detection systems. Each layer has its properties that makes it different from other layers.  ...  The detection process is segmented into two zones 1. Signature-based detection zone: to defend against known attacks. 2. Anomaly-based detection zone: to defend against previously unknown attacks.  ... 
doi:10.30534/ijatcse/2019/65862019 fatcat:uesxo4foa5dvrmbf7bv6fjo45a

Intrusion Monitoring in Process Control Systems

Alfonso Valdes, Steven Cheung
2009 2009 42nd Hawaii International Conference on System Sciences  
Also, we leverage some of the characteristics of process control systems such as the regularity of network traffic patterns to perform intrusion detection, with the potential to detect unknown attacks.  ...  To protect process control networks from cyber intrusions, preventive security measures such as perimeter defenses (for example, network firewalls and demilitarized zones) and secure versions of process  ...  , or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.  ... 
doi:10.1109/hicss.2009.273 dblp:conf/hicss/ValdesC09 fatcat:p2cvzzjhv5hp7hmgwxu6droe4e

Anomaly detection using the correlational paraconsistent machine with digital signatures of network segment

Eduardo H.M. Pena, Luiz F. Carvalho, Sylvio Barbon Jr., Joel J.P.C. Rodrigues, Mario Lemes Proença Jr.
2017 Information Sciences  
sources chosen for anomaly detection.  ...  This study presents the correlational paraconsistent machine (CPM), a tool for anomaly detection that incorporates unsupervised models for traffic characterization and principles of paraconsistency, to  ...  Acknowledgments This work has been partially supported by the National Council for Scientific and Technological Development  ... 
doi:10.1016/j.ins.2017.08.074 fatcat:75yshcghabc35pu4hswnie6qki

An adaptive profile-based approach for detecting anomalous traffic in backbone

Xiao-Dong Zang, Jian Gong, Xiao-Yan Hu
2019 IEEE Access  
Then, the digital signature matrix obtained by using the ant colony optimization (ACO) algorithm is applied to construct the baseline profile of the normal traffic behavior.  ...  Anomaly detection is the first step with a challenging task of securing a communication network, as the anomalies may indicate suspicious behaviors, attacks, network malfunctions, or failures.  ...  ACKNOWLEDGMENT Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of those sponsors.  ... 
doi:10.1109/access.2019.2914303 fatcat:peziujuwcnenrgvzqaaocgvj6a

Detection, correlation, and visualization of attacks against critical infrastructure systems

Linda Briesemeister, Steven Cheung, Ulf Lindqvist, Alfonso Valdes
2010 2010 Eighth International Conference on Privacy, Security and Trust  
We present some results of the DATES (Detection and Analysis of Threats to the Energy Sector) project, wherein we adapted and developed several intrusion detection technologies for control systems.  ...  We particularly focused on detection, correlation, and visualization of a network traversal attack, where an attacker penetrates successive network layers to compromise critical assets that directly control  ...  , or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.  ... 
doi:10.1109/pst.2010.5593242 dblp:conf/pst/BriesemeisterCLV10 fatcat:fczqy47jhndwfbfsbgnvqebzlu

Security Implementation through PCRE Signature over Cloud Network

Gaurav Raj
2012 Advanced Computing An International Journal  
Intrusion detection systems work on signature based analysis and anomaly based detection, which makes it vulnerable for new evasion techniques.  ...  With invention of new tools and technologies, the attackers are designing new methods to evade present security models. One of such security models is Intrusion detections.  ...  Snort uses a rule-driven language which combines the benefits of signature, protocol and anomaly-based inspection methods.  ... 
doi:10.5121/acij.2012.3312 fatcat:ctwpj7ujzjdotlrbj7u6koyqea

RETRACTED: Using Snort for Network-Based Forensics [chapter]

Terrence V. Lillard, Clint P. Garrison, Craig A. Schiller, James Steele
2010 Digital Forensics for Network, Internet, and Cloud Computing  
For the detection of network and/or system security policy violations, most IDSes use one of two detection techniques: statistical anomaly based and/or signature based.  ...  These plug-ins analyze segmented server message block (SMB) traffic to access the DCE/RPC traffic. The purpose of these is to circumvent techniques used to evade IDS detection.  ... 
doi:10.1016/b978-1-59749-537-0.00005-3 fatcat:mbieoe23bffgbkaswwg6z4hgbq

Monitoring Internet Access along with Usage of Bandwidth Using Intrusion Detection System

Rajagopal D Thilakavalli K
2015 International Journal of Sensor Networks and Data Communications  
New Approach to observe web Access beside Usage of information measure victimization Intrusion Detection System could be a comprehensive web use observation and news utility for company networks.  ...  It takes advantage of the very fact that the majority companies give web access through proxy servers, like MS ISA Server, MS Forefront TMG, WinGate, WinRoute, MS Proxy, WinProxy, EServ, Squid, Proxy Plus  ...  The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies [17] . Network-based vs.  ... 
doi:10.4172/2090-4886.1000119 fatcat:2lkqorfiurfbvkgq4qobcar4we

Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

Soon Tee Teoh, Ke Zhang, Shih-Ming Tseng, Kwan-Liu Ma, S. Felix Wu
2004 Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security - VizSEC/DMSEC '04  
In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing.  ...  In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data.  ...  It is the mechanism by which a packet gets from its Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not  ... 
doi:10.1145/1029208.1029215 dblp:conf/vizsec/TeohZTMW04 fatcat:lrm23xdedjgf7lhm7ctafxv43y

Network Anomaly Detection in Critical Infrastructure Based on Mininet Network Simulator

Giuseppe Bernieri, Federica Pascucci, Javier López
2017 Italian Conference on Cybersecurity  
In this paper, a highly-configurable network anomaly detection system for Critical Infrastructure scenarios is presented.  ...  Finally, a cyber-attack has been implemented for showing both the effectiveness and capability of the proposed network security system.  ...  completed, this is used for the anomaly detection active task.  ... 
dblp:conf/itasec/BernieriPL17 fatcat:tjxwly2rtzeppiwc7olkmfpfom

Information Security in Healthcare Organizations using Low-Interaction Honeypot Intrusion Detection System

Aastha Yadav, Sarthak Raisurana, H. Balaji, P. Lalitha, Ronnie D. Caytiles, N. Ch. S. N. Iyengar
2017 International Journal of Security and Its Applications  
Our network model proposes a low-interaction and a medium-interaction honeypot based intrusion detection system using Dionaea and Kippo SSH to secure our internal network and study the activities of the  ...  Dionaea uses LibEmu to detect and evaluate payloads sent by attackers in order to obtain a copy of the malware. LibEmu is used detect, measure, and if necessary, execute the shellcode.  ...  By using the network as a data source, the NBIDS give the ability to monitor entire segments of the network for malicious behavior.  ... 
doi:10.14257/ijsia.2017.11.9.07 fatcat:bay3omngv5e7rk5k6k4mjlcrna

Dismantling intrusion prevention systems

Olli-Pekka Niemi, Antti Levomäki, Jukka Manner
2012 Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication - SIGCOMM '12  
We describe how protocols can still be misused to fool network security devices, such as intrusion prevention systems.  ...  An example is the prevention of small TCP segments that some vendors use to block evasions.  ...  ., Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention.  ... 
doi:10.1145/2342356.2342412 dblp:conf/sigcomm/NiemiLM12 fatcat:6hytzowpb5c7tk3vtxp6ege7by

An Anomaly Intrusion Detection Method Based on Improved K-Means of Cloud Computing

Xinlong Zhao, Weishi Zhang
2016 2016 Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC)  
Our approach deploys the IDS sensors in each virtual machine to create a cooperative environment for our anomaly detection engine.  ...  In this paper, we propose a novel assessment methodology for anomaly-based IDSs in cloud computing that takes into account both the network and system-level information for generating the evaluation dataset  ...  The misuse detection systems can only detect known attacks using some pattern matching algorithms and a list of predefined attack signatures.  ... 
doi:10.1109/imccc.2016.108 fatcat:jrdcmpgdnjavpnjvhzlcdpwtru