Behavior Profiling for Robust Anomaly Detection
Internet attacks are evolving using evasion techniques such as polymorphism and stealth scanning. Conventional detection systems using signature-based and/or rulebased anomaly detection techniques no longer suffice. It is difficult to predict what form the next malware attack will take and these pose a great challenge to the design of a robust intrusion detection system. We focus on the anomalous behavioral characteristics between attack and victim when they undergo sequences of compromising actions and that are inherent to the classes of vulnerability-exploit attacks. A new approach, Gestalt, is proposed to statefully capture and monitor activities between hosts and progressively assess possible network anomalies by multilevel behavior tracking, cross-level triggering and correlation, and a probabilistic inference model is proposed for intrusion assessment and detection. Such multilevel design provides a collective perspective to reveal more anomalies than individual levels. We show that Gestalt is robust and effective in detecting polymorphic, stealthy variants of known attacks.
Anomaly detection attack accessment behavioral analysis finite state machine netwrok service
Shun-Wen Hsiao Yeali S. Sun Meng Chang Chen Hui Zhang
Dept. of Information Management National Taiwan University Taipei, Taiwan Institute of Information Science Academia Sinica Taipei, Taiwan School of Computer Science Carnegie Mellon University Pittsburgh, U.S.A.
国际会议
北京
英文
1-7
2010-06-25(万方平台首次上网日期,不代表论文的发表时间)