Visible to the public Preemptive Intrusion Detection

Submitted by Zbigniew Kalbarczyk on Wed, 09/17/2014 - 6:31pm
TitlePreemptive Intrusion Detection
Publication TypeConference Paper
Year of Publication2014
AuthorsCao, Phuong, Chung, Key-whan, Kalbarczyk, Zbigniew, Iyer, Ravishankar, Slagell, Adam J.
Conference NameProceedings of the 2014 Symposium and Bootcamp on the Science of Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-2907-1
KeywordsACM CCS, CPS Technologies, credential stealing attack, cyber security, cyber-system, Data Driven Security Models and Analysis, factor graph, Foundations, graphical model, Intrusion Detection Systems, Intrusion/Anomaly Detection and Malware Mitigation, Modeling, science of security, security incident, Systems Engineering, tagging, timeliness
Abstract

This paper presents a system named SPOT to achieve high accuracy and preemptive detection of attacks. We use security logs of real-incidents that occurred over a six-year period at National Center for Supercomputing Applications (NCSA) to evaluate SPOT. Our data consists of attacks that led directly to the target system being compromised, i.e., not detected in advance, either by the security analysts or by intrusion detection systems. Our approach can detect 75 percent of attacks as early as minutes to tens of hours before attack payloads are executed.
URLhttp://doi.acm.org/10.1145/2600176.2600197
DOI10.1145/2600176.2600197
Citation KeyCao:2014:PID:2600176.2600197
Groups: