Hsiao et al., 2013 - Google Patents
Detecting stepping‐stone intrusion using association rule mining (Hsiao et al., 2013)
- Document ID
- 4700468492631319354
- Author
- Hsiao H
- Sun H
- Fan W
- Publication year
- 2013
- Publication venue
- Security and Communication Networks
Snippet
Hackers generally do not use their own computers to launch attacks on the Internet to avoid exposing their actual locations. The trick involves an intruder connecting to a victim indirectly through a sequence of hosts called stepping‐stone, which makes network managers difficult …
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
            - H04L63/1416—Event detection, e.g. attack signature detection
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1458—Denial of Service
            - H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
            - H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Similar Documents
Publication | Title
---|---
US11463457B2 (en) | Artificial intelligence (AI) based cyber threat analyst to support a cyber security appliance
Bagui et al. | Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset
US11856013B2 (en) | Method and system for detecting lateral movement in enterprise computer networks
Ghorbani et al. | Network intrusion detection and prevention: concepts and techniques
Yen et al. | Traffic aggregation for malware detection
García et al. | Survey on network‐based botnet detection methods
Zhang et al. | Causality reasoning about network events for detecting stealthy malware activities
EP1995929B1 (en) | Distributed system for the detection of eThreats
Fallah et al. | Android malware detection using network traffic based on sequential deep learning models
Zhang et al. | User intention-based traffic dependence analysis for anomaly detection
US20110030059A1 (en) | Method for testing the security posture of a system
CN116451215A (en) | Correlation analysis method and related equipment
Zhu | Attack pattern discovery in forensic investigation of network attacks
Deri et al. | Using deep packet inspection in cybertraffic analysis
Tao et al. | A hybrid alarm association method based on AP clustering and causality
Wang et al. | Behavior‐based botnet detection in parallel
CN100379201C (en) | Method for Distributed Hacker Tracking in Controllable Computer Networks
Alageel et al. | Earlycrow: Detecting apt malware command and control over http(s) using contextual summaries
Hsiao et al. | Detecting stepping‐stone intrusion using association rule mining
Ezeife et al. | SensorWebIDS: a web mining intrusion detection system
Ramos et al. | A Machine Learning Based Approach to Detect Stealthy Cobalt Strike C&C Activities from Encrypted Network Traffic
Abudalfa et al. | Evaluating performance of supervised learning techniques for developing real-time intrusion detection system
Yen | Detecting stealthy malware using behavioral features in network traffic
Wang et al. | A Framework to Test Resistency of Detection Algorithms for Stepping‐Stone Intrusion on Time‐Jittering Manipulation
Zhang et al. | Error-sensor: mining information from HTTP error traffic for malware intelligence