Locality-based profile analysis for secondary intrusion detection

3 Author(s)
M. Zhou; Sch. of Electr. Eng. & Comput. Sci., Univ. of Central Florida, Orlando, FL, USA; R. Lee; S.-D. Lang

While a firewall at the perimeter of a local network provides the first line of defense against attackers, many intrusion incidents result from successful penetration of the firewall. The compromise of one computer puts the entire network at risk. We propose a distributed personal intrusion detection system (IDS) that provides local anomaly detection as well as centralized traffic analysis. The system first builds profiles for normal network activity and then labels as suspicious any events that deviate from the normal profiles. The normal profiles are based on variations in connection-based behavior at each individual host. Deviations at each host are recorded using a local weight assignment scheme and then further processed by the central analyzer to build a weighted link graph representing the overall network abnormality. As local networks become more vulnerable to inside attack, our system reinforces security to prevent corruption from the inside.

Published in:

8th International Symposium on Parallel Architectures, Algorithms and Networks (ISPAN'05)

Date of Conference:

7-9 Dec. 2005