Locality-based Profile Analysis for Secondary Intrusion Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mian Zhou Articles by Robert Lee Articles by Sheau-Dong Lang

8th International Symposium on Parallel Architectures,Algorithms and Networks (ISPAN'05)

Las Vegas, Nevada, USA

December 07-December 09

ISBN: 0-7695-2509-1

	ASCII Text	x
	Mian Zhou, Robert Lee, Sheau-Dong Lang, "Locality-based Profile Analysis for Secondary Intrusion Detection," Parallel Architectures, Algorithms, and Networks, International Symposium on, pp. 166-173, 8th International Symposium on Parallel Architectures,Algorithms and Networks (ISPAN'05), 2005.

	BibTex	x
	@article{ 10.1109/ISPAN.2005.56, author = {Mian Zhou and Robert Lee and Sheau-Dong Lang}, title = {Locality-based Profile Analysis for Secondary Intrusion Detection}, journal ={Parallel Architectures, Algorithms, and Networks, International Symposium on}, volume = {0}, year = {2005}, issn = {1087-4089}, pages = {166-173}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISPAN.2005.56}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Parallel Architectures, Algorithms, and Networks, International Symposium on TI - Locality-based Profile Analysis for Secondary Intrusion Detection SN - 1087-4089 SP166 EP173 A1 - Mian Zhou, A1 - Robert Lee, A1 - Sheau-Dong Lang, PY - 2005 KW - null VL - 0 JA - Parallel Architectures, Algorithms, and Networks, International Symposium on ER -

Mian Zhou, University of Central Florida, Orlando

Robert Lee, University of Central Florida, Orlando

Sheau-Dong Lang, University of Central Florida, Orlando

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISPAN.2005.56

While a firewall at the perimeter of a local network provides the first line of defense against attackers, many intrusion incidents result from successful penetration of the firewall. The compromise of one computer puts the entire network at risk. We propose a distributed personal Intrusion Detection System (IDS) that provides local anomaly detection as well as centralized traffic analysis.

The system first builds profiles for normal network activity and then labels as suspicious any events that deviate from the normal profiles. The normal profiles are based on variations in connection-based behavior at each individual host. Deviations at each host are recorded using a local weight assignment scheme and then further processed by the central analyzer to build a weighted link graph representing the overall network abnormality. As local networks become more vulnerable to inside attack, our system reinforces security to prevent corruption from the inside.

Citation:

Mian Zhou, Robert Lee, Sheau-Dong Lang, "Locality-based Profile Analysis for Secondary Intrusion Detection," ispan, pp.166-173, 8th International Symposium on Parallel Architectures,Algorithms and Networks (ISPAN'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.