2010 International Workshop on Innovative Architecture for Future Generation High Performance (2004)
Charlotte, North Carolina
Apr. 8, 2004 to Apr. 9, 2004
ISBN: 0-7695-2117-7
pp: 71
Brian D. Carrier , Purdue University, West Lafayette, IN
Blake Matheny , Purdue University, West Lafayette, IN
ABSTRACT
In this paper, we introduce a statistics-based anomaly detection technique for identifying systems that could have been compromised and had trojan executables installed. Attackers frequently install rootkits and other trojan files onto hosts they compromise so they can easily gain access in the future. Many detection systems use signatures to identify unauthorized files, but signatures for all platforms and patch levels do not exist in large-scale environments, such as government and university networks. Our anomaly detection system organizes hosts into clusters based on their files and uses statistics to identify those that should be examined in more detail.
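The abstract states the approach (cluster hosts by their files, then use within-cluster statistics to pick hosts for closer examination) but not the exact clustering method or statistic. The following Python example is added here and is not the paper's code; it assumes one concrete instantiation: hosts are clustered on the set of file paths they carry (Jaccard similarity, greedy single pass), and a host is flagged when several of its (path, hash) pairs are rare among its cluster peers. The host inventory is constructed sample data.

```python
"""Added illustration of cluster-based incident detection (assumed method, not
the paper's). Each host reports path -> content hash. Hosts with similar file
layouts form a cluster; within a cluster, a (path, hash) pair seen on few
members is rare, and a host carrying many rare pairs is queued for review."""
from collections import Counter

# Constructed inventory (host -> {path: hash}); hashes are short placeholders.
INVENTORY = {
    "web1": {"bin/ls": "h1", "bin/ps": "h2", "bin/netstat": "h3", "sbin/sshd": "h4"},
    "web2": {"bin/ls": "h1", "bin/ps": "h2", "bin/netstat": "h3", "sbin/sshd": "h4"},
    "web3": {"bin/ls": "h1", "bin/ps": "h2", "bin/netstat": "h3", "sbin/sshd": "h4"},
    # same file layout as its peers, but ps, netstat and sshd carry unexpected hashes
    "web4": {"bin/ls": "h1", "bin/ps": "x2", "bin/netstat": "x3", "sbin/sshd": "x4"},
    "db1": {"bin/ls": "h1", "bin/ps": "h2", "usr/bin/psql": "h5", "usr/sbin/postgres": "h6"},
    "db2": {"bin/ls": "h1", "bin/ps": "h2", "usr/bin/psql": "h5", "usr/sbin/postgres": "h6"},
}

def jaccard(a, b):
    """Similarity of two sets: |A∩B| / |A∪B| (0.0 for two empty sets)."""
    return len(a & b) / len(a | b) if a or b else 0.0

def cluster_hosts(inventory, threshold=0.6):
    """Greedy single-pass clustering on the set of file paths a host carries."""
    clusters = []  # list of (seed_paths, [member hosts])
    for host, files in inventory.items():
        paths = set(files)
        for seed, members in clusters:
            if jaccard(paths, seed) >= threshold:
                members.append(host)
                break
        else:
            clusters.append((paths, [host]))
    return [members for _, members in clusters]

def rare_file_scores(inventory, members, max_prevalence=0.5):
    """Per host, count (path, hash) pairs present on at most max_prevalence of its cluster."""
    n = len(members)
    prevalence = Counter(pair for h in members for pair in inventory[h].items())
    return {h: sum(1 for pair in inventory[h].items() if prevalence[pair] / n <= max_prevalence)
            for h in members}

def flag_hosts(inventory, threshold=0.6, max_prevalence=0.5, min_rare=2):
    """Return {host: rare_count} for hosts that deserve detailed examination."""
    flagged = {}
    for members in cluster_hosts(inventory, threshold):
        if len(members) < 3:  # too few peers for prevalence to be meaningful
            continue
        for host, score in rare_file_scores(inventory, members, max_prevalence).items():
            if score >= min_rare:
                flagged[host] = score
    return flagged
```

Thresholds are assumptions to be tuned per environment; a host flagged this way is a candidate for review, not a confirmed compromise, since legitimate patch-level drift also produces rare hashes.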
CITATION
Brian D. Carrier, Blake Matheny, "Methods for Cluster-Based Incident Detection", 2010 International Workshop on Innovative Architecture for Future Generation High Performance, vol. 00, no. , pp. 71, 2004, doi:10.1109/IWIA.2004.1288039