Preemptive Intrusion Detection: Theoretical Framework and Real-World Measurements
Title | Preemptive Intrusion Detection: Theoretical Framework and Real-World Measurements |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Phuong Cao, University of Illinois at Urbana-Champaign, Eric Badger, University of Illinois at Urbana-Champaign, Adam Slagell, University of Illinois at Urbana-Champaign, Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign, Ravishankar Iyer, University of Illinois at Urbana-Champaign |
Conference Name | Symposium and Bootcamp on the Science of Security (HotSoS 2015) |
Publisher | ACM |
Conference Location | Urbana, IL |
Keywords | Data Driven Security Models and Analysis, Intrusion/Anomaly Detection and Malware Mitigation, NSA SoS Lablets Materials, science of security, UIUC |
Abstract | This paper presents a Factor Graph based framework called AttackTagger for highly accurate and preemptive detection of attacks, i.e., detection before the system misuse occurs. We use security logs from real incidents that occurred over a six-year period at the National Center for Supercomputing Applications (NCSA) to evaluate AttackTagger. Our data consist of security incidents that led to compromise of the target system, i.e., the attacks in these incidents were identified only after the fact by security analysts. AttackTagger detected 74 percent of the attacks, and the majority of them were detected before the system misuse. Finally, AttackTagger uncovered six hidden attacks that were not detected by intrusion detection systems during the incidents or by security analysts in post-incident forensic analysis. |
URL | https://publish.illinois.edu/science-of-security-lablet/files/2014/06/Preemptive-Intrusion-Detection... |
Citation Key | node-23405 |