Security Protocols Protection Based on Anomaly Detection

Alharby, Abdulrahman; Imai, Hideki

doi:10.1093/ietisy/e89-d.1.189

Cited by 1 publication

(1 citation statement)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…packets sent/received, number of TCP/UDP connection, number of HTTP/DNS request,etc. On the other side, protocol analysis consists in discovering protocol misuse at different levels [2](Data Link, Network, Transport, Application). The analysis is realized on sequences of protocol steps and protocol transaction evolutions.This section tends to cover the monitored data frequently used for the behavioral analysis.…”

Section: Behavioral Nids Indicatorsmentioning

confidence: 99%

Behavioral Intrusion Detection Indicators

Saraydaryan

Paffumi²,

Legrand

et al.

Proceedings of the Ifip Tc 11 23rd International Information Security Conference

View full text Add to dashboard Cite

Monitoring and analysing Information system(IS)'s security events has become more and more difficult in the last few years. As IS complexity rises, the number of mandatory monitoring points has increased along with the number of deployed probes. Consequently, a huge amount of information is reported to the analyst which subsequently floods him and implies the implementation of very complex event analysis engines. In the behaviour analysis context in which sequences of events are studied, this information quantity issue makes it difficult to build automatable -not too complex -models. In order to cope with this increasing amount of information, we will describe a method to reduce the observation perimeter through the selection of most relevant indicators. Such indicators, which are defined thanks to users and attackers behaviour analysis, represent different actions that users or attackers perform in the IS. This method implies neither information loss nor significant detection rate decline. We experienced this indicators selection with a behaviour anomaly detection engines injecting few days of events. Results show that model complexity issues are significantly reduced while keeping detection rate almost the same.

show abstract

Section: Behavioral Nids Indicatorsmentioning

confidence: 99%