Referenced Items are not available for this document.
Anomaly-based intrusion detection systems (IDS) have been widely recognized for their potential to prevent and reduce damage to information systems. In order to build their profiles and to generate their requisite behavior observations, these systems rely on access to payload data, either in the network or on the host system. With the growing reliance on encryption technology, less and less payload data is available for analysis. In order to accomplish intrusion detection in an encrypted environment, a new data representation must emerge. We present a knowledge engineering approach to allow intrusion detection in an encrypted environment. Our approach relies on gathering and analyzing several forms of metadata relating to session activity of the principals involved and the protocols that they employ. We then apply statistical and pattern recognition methods to the metadata to distinguish between normal and abnormal activity and then to distinguish between legitimate and malicious behavior.
Published in:
Knowledge and Data Engineering, IEEE Transactions on
(Volume:16
,
Issue:
9
)
Date of Publication: Sept. 2004
- Page(s):
- 1157 - 1168
- ISSN :
- 1041-4347
- INSPEC Accession Number:
- 8093942
- Digital Object Identifier :
- 10.1109/TKDE.2004.43
- Product Type:
- Journals & Magazines
- Date of Current Version :
- 26 July 2004
- Issue Date :
- Sept. 2004
- Sponsored by :
- IEEE Computer Society
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
