The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.09 - September (2004 vol.16)
pp: 1157-1168
ABSTRACT
Anomaly-based Intrusion Detection Systems (IDS) have been widely recognized for their potential to prevent and reduce damage to information systems. In order to build their profiles and to generate their requisite behavior observations, these systems rely on access to payload data, either in the network or on the host system. With the growing reliance on encryption technology, less and less payload data is available for analysis. In order to accomplish intrusion detection in an encrypted environment, a new data representation must emerge. In this paper, we present a knowledge engineering approach to allow intrusion detection in an encrypted environment. Our approach relies on gathering and analyzing several forms of metadata relating to session activity of the principals involved and the protocols that they employ. We then apply statistical and pattern recognition methods to the metadata to distinguish between normal and abnormal activity and then to distinguish between legitimate and malicious behavior.
INDEX TERMS
Anomaly detection, security protocols, user profile, behavioral analysis.
CITATION
Tysen Leckie, "Metadata for Anomaly-Based Security Protocol Attack Deduction", IEEE Transactions on Knowledge & Data Engineering, vol.16, no. 9, pp. 1157-1168, September 2004, doi:10.1109/TKDE.2004.43
18 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool