Optimizing the Observation Windows Size for Kernel Attack Signatures

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by William S. Harrison Articles by Axel W. Krings Articles by Nadine Hanebutte

Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7

Optimizing the Observation Windows Size for Kernel Attack Signatures (PDF)

Big Island, Hawaii

January 05-January 08

ISBN: 0-7695-2056-1

	ASCII Text	x
	William S. Harrison, Axel W. Krings, Nadine Hanebutte, "Optimizing the Observation Windows Size for Kernel Attack Signatures," Hawaii International Conference on System Sciences, vol. 7, pp. 70189a, Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7, 2004.

	BibTex	x
	@article{ 10.1109/HICSS.2004.1265450, author = {William S. Harrison and Axel W. Krings and Nadine Hanebutte}, title = {Optimizing the Observation Windows Size for Kernel Attack Signatures}, journal ={Hawaii International Conference on System Sciences}, volume = {7}, year = {2004}, issn = {1530-1605}, pages = {70189a}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2004.1265450}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Optimizing the Observation Windows Size for Kernel Attack Signatures SN - 1530-1605 SP EP A1 - William S. Harrison, A1 - Axel W. Krings, A1 - Nadine Hanebutte, PY - 2004 KW - null VL - 7 JA - Hawaii International Conference on System Sciences ER -

William S. Harrison, University of Idaho

Axel W. Krings, University of Idaho

Nadine Hanebutte, University of Idaho

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2004.1265450

In this paper we introduce a signature-based intrusion detection methodology which utilizes low-level kernel data in order to identify network attacks in real time. Different types of attacks have different behavior characteristics over time, and thus require observation intervals of different length to clearly identify attack data within a network data stream. Our technique involves a pseudo-continuous stream of network kernel data that is processed in order to identify attacks. An additional advantage of a pseudo-continuous system is that it allows dynamic adjustment to account for varying levels of network load. This allows a higher precision and lower false positive rate than in a fixed-interval system because only the data needed for identification is compared to the stored signature. Further, response time is near-immediate as only the minimum data needed in order to detect the attack must be sampled.

Citation:

William S. Harrison, Axel W. Krings, Nadine Hanebutte, "Optimizing the Observation Windows Size for Kernel Attack Signatures," hicss, vol. 7, pp.70189a, Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7, 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.