RAPID: Reputation based approach for improving intrusion detection effectiveness

Thomas, Ashley

doi:10.1109/isias.2010.5604064

Cited by 12 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Third, the unsupervised detection results display the quantitative gain in the false detection rate of the ensemble over any of the constituent members with no expense to the true positive rate. This shows that the ensemble directly addresses the base rate fallacy and supports a growing body of literature in this area [9], [10], [11], [12], [13], [14], [15], [16]. Finally, our anomaly detection ensemble outperforms the supervised algorithms-perhaps surprising given that the latter is privy to other known malware profiles during training.…”

Section: A Contributionssupporting

confidence: 77%

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Bridges

Jiménez

Nichols

et al. 2018

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International

View full text Add to dashboard Cite

This paper presents an experimental design and data analytics approach aimed at power-based malware detection on general-purpose computers. Leveraging the fact that malware executions must consume power, we explore the postulate that malware can be accurately detected via power data analytics. Our experimental design and implementation allow for programmatic collection of CPU power profiles for fixed tasks during uninfected and infected states using five different rootkits. To characterize the power consumption profiles, we use both simple statistical and novel, sophisticated features. We test a one-class anomaly detection ensemble (that baselines non-infected power profiles) and several kernel-based SVM classifiers (that train on both uninfected and infected profiles) in detecting previously unseen malware and clean profiles. The anomaly detection system exhibits perfect detection when using all features and tasks, with smaller false detection rate than the supervised classifiers. The primary contribution is the proof of concept that baselining power of fixed tasks can provide accurate detection of rootkits. Moreover, our treatment presents engineering hurdles needed for experimentation and allows analysis of each statistical feature individually. This work appears to be the first step towards a viable power-based detection capability for general-purpose computers, and presents next steps toward this goal.

show abstract

Section: A Contributionssupporting

confidence: 77%

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Bridges

Jiménez

Nichols

et al. 2018

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International

View full text Add to dashboard Cite

show abstract

“…A number of studies have proposed approaches for reputation scoring of IPs in computer networks. To deduce the reputation scores, features are compared against those of known signatures [Fukushima et al 2011;Thomas 2010;Antonakakis et al 2010;Renjan et al 2018]. For example, Renjan et al [2018] propose a vector space approach that uses Euclidean distance to compare features of an IP address to those of blacklisted IPs.…”

Section: Reputation Scoringmentioning

confidence: 99%

IP Reputation Scoring with Geo-Contextual Feature Augmentation

Sainani

Namayanja

Sharma

et al. 2020

ACM Trans. Manage. Inf. Syst.

View full text Add to dashboard Cite

The focus of this article is to present an effective anomaly detection model for an encrypted network session by developing a novel IP reputation scoring model that labels the incoming session IP address based on the most similar IP addresses in terms of both network and geo-contextual knowledge. We provide empirical evidence that considering not only traditional network information but also geo-contextual information provides better threat assessment. The reputation scores provide a means to quantitatively capture good and bad IP behavior, making our model ideal for detecting malicious network behavior. With network encryption being the most practical solution to data security and privacy today, our approach expands the network administrator's ability to make decisions about IP addresses' trustworthiness in an encrypted session with limited network information.

show abstract

“…The alert-set itself is also utilized in [29]. The method proposed therein is based on the calculation of reputation for alerts.…”

Section: Looking At Neighboring Alertsmentioning

confidence: 99%

Improving the results of intrusion detection systems

Σπαθούλας¹

View full text Add to dashboard Cite

show abstract

RAPID: Reputation based approach for improving intrusion detection effectiveness

Cited by 12 publications

References 11 publications

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

IP Reputation Scoring with Geo-Contextual Feature Augmentation

Improving the results of intrusion detection systems

Contact Info

Product

Resources

About