Zhang et al., 2012 - Google Patents
User intention-based traffic dependence analysis for anomaly detection
- Document ID: 4201076764520729643
- Authors: Zhang H, Banick W, Yao D, Ramakrishnan N
- Publication year: 2012
- Publication venue: 2012 IEEE Symposium on Security and Privacy Workshops
Snippet
This paper describes an approach to enforce dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering …
Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Similar Documents
Publication | Publication Date | Title
---|---|---
JP6894003B2 (en) | | Defense against APT attacks
Zhang et al. | | User intention-based traffic dependence analysis for anomaly detection
Giura et al. | | A context-based detection framework for advanced persistent threats
Punithavathani et al. | | Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligence
US20190182286A1 (en) | | Identifying communicating network nodes in the presence of Network Address Translation
CN112787992A (en) | | Method, device, equipment and medium for detecting and protecting sensitive data
Xu et al. | | Detecting infection onset with behavior-based policies
EP2203860A2 (en) | | System and method for detecting security defects in applications
Sequeira | | Intrusion prevention systems: security's silver bullet?
Raftopoulos et al. | | Detecting, validating and characterizing computer infections in the wild
Pramono | | Anomaly-based intrusion detection and prevention system on website usage using rule-growth sequential pattern analysis: Case study: Statistics of Indonesia (BPS) website
Halvorsen et al. | | Evaluating the observability of network security monitoring strategies with TOMATO
Meijerink | | Anomaly-based detection of lateral movement in a Microsoft Windows environment
KR101271449B1 (en) | | Method, server, and recording medium for providing service for malicious traffic control and information leak observation based on network address translation of domain name system
Beigh et al. | | Intrusion detection and prevention system: issues and challenges
Seo et al. | | Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling
Li et al. | | A hierarchical mobile-agent-based security operation center
Rastogi et al. | | Network anomalies detection using statistical technique: a chi-square approach
Ezeife et al. | | SensorWebIDS: a web mining intrusion detection system
Anas et al. | | Survey on detecting and preventing web application broken access control attacks
Gujral et al. | | Design and implementation of a quantitative network health monitoring and recovery system
EP3484122B1 (en) | | Malicious relay and jump-system detection using behavioral indicators of actors
Xu et al. | | [Retracted] Method of Cumulative Anomaly Identification for Security Database Based on Discrete Markov chain
Bhardwaj et al. | | Machine Learning and Artificial Intelligence for Detecting Cyber Security Threats in IoT Environment
Kissoon et al. | | An Analysis of Key Tools for Detecting Cross-Site Scripting Attacks on Web-Based Systems