Visible to the public Preemptive Intrusion Detection: Theoretical Framework and Real-World MeasurementsConflict Detection Enabled

TitlePreemptive Intrusion Detection: Theoretical Framework and Real-World Measurements
Publication TypeConference Paper
Year of Publication2015
AuthorsPhuong Cao, University of Illinois at Urbana-Champaign, Eric Badger, University of Illinois at Urbana-Champaign, Adam Slagell, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Ravishankar Iyer, University of Illinois at Urbana-Champaign
Conference NameSymposium and Bootcamp on the Science of Security, (HotSoS 2015)
PublisherACM
Conference LocationUrbana, IL
KeywordsData Driven Security Models and Analysis, Intrusion/Anomaly Detection and Malware Mitigation, NSA SoS Lablets Materials, science of security, UIUC
Abstract

This paper presents a Factor Graph based framework called AttackTagger for highly accurate and preemptive detection of attacks, i.e., before the system misuse. We use secu- rity logs on real incidents that occurred over a six-year pe- riod at the National Center for Supercomputing Applica- tions (NCSA) to evaluate AttackTagger. Our data consist of security incidents that led to compromise of the target system, i.e., the attacks in the incidents were only identified after the fact by security analysts. AttackTagger detected 74 percent of attacks, and the majority them were detected before the system misuse. Finally, AttackTagger uncovered six hidden attacks that were not detected by intrusion de- tection systems during the incidents or by security analysts in post-incident forensic analysis.

URLhttps://publish.illinois.edu/science-of-security-lablet/files/2014/06/Preemptive-Intrusion-Detection...
Citation Keynode-23405

Other available formats:

Preemptive Intrusion Detection Theoretical Framework and Real-World Measurements