Methods for Cluster-Based Incident Detection

I
IWIA
2004
Second IEEE International Information Assurance Workshop (IWIA'04)
Abstract - Methods for Cluster-Based Incident Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Brian D. Carrier Articles by Blake Matheny

Second IEEE International Information Assurance Workshop (IWIA'04)

Charlotte, North Carolina

April 08-April 09

ISBN: 0-7695-2117-7

	ASCII Text	x
	Brian D. Carrier, Blake Matheny, "Methods for Cluster-Based Incident Detection," Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on, pp. 71, Second IEEE International Information Assurance Workshop (IWIA'04), 2004.

	BibTex	x
	@article{ 10.1109/IWIA.2004.1288039, author = {Brian D. Carrier and Blake Matheny}, title = {Methods for Cluster-Based Incident Detection}, journal ={Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on}, volume = {0}, year = {2004}, isbn = {0-7695-2117-7}, pages = {71}, doi = {http://doi.ieeecomputersociety.org/10.1109/IWIA.2004.1288039}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on TI - Methods for Cluster-Based Incident Detection SN - 0-7695-2117-7 SP EP A1 - Brian D. Carrier, A1 - Blake Matheny, PY - 2004 KW - null VL - 0 JA - Innovative Architecture for Future Generation High-Performance Processors and Systems, International Workshop on ER -

Brian D. Carrier, Purdue University, West Lafayette, IN

Blake Matheny, Purdue University, West Lafayette, IN

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IWIA.2004.1288039

In this paper, we introduce a statistics-based anomaly detection technique for identifying systems that could have been compromised and had trojan executables installed. Attackers frequently install rootkits and other trojan files onto hosts they compromise so they can easily gain access in the future. Many detection systems use signatures to identify unauthorized files, but signatures for all platforms and patch levels do not exist in large-scale environments, such as government and university networks. Our anomaly detection system organizes hosts into clusters based on their files and uses statistics to identify those that should be examined in more detail.

Citation:

Brian D. Carrier, Blake Matheny, "Methods for Cluster-Based Incident Detection," iwia, pp.71, Second IEEE International Information Assurance Workshop (IWIA'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.