J. Tölle, M. Jahnke, Michael Bussmann, Sven Henkel
{"title":"元IDS环境:一种事件消息异常检测方法","authors":"J. Tölle, M. Jahnke, Michael Bussmann, Sven Henkel","doi":"10.1109/IWIA.2005.13","DOIUrl":null,"url":null,"abstract":"This paper presents an anomaly detection approach for application in Meta IDS environments, where locally generated event messages from several domains are centrally processed. The basic approach has been successfully used for detection of abnormal traffic structures in computer networks. It creates directed graphs from address specifications contained within event messages and generates clusterings of the graphs. Large differences between subsequent clusterings indicate anomalies. This anomaly detection approach is part of an intrusion warning system (IWS) for dynamic coalition environments. It is designed to indicate suspicious actions and tendencies and to provide decision support on how to react on anomalies. Real-world data, mixed with data from a simulated Internet worm, is used to analyze the system. The results prove the applicability of our approach.","PeriodicalId":247477,"journal":{"name":"Third IEEE International Workshop on Information Assurance (IWIA'05)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Meta IDS environments: an event message anomaly detection approach\",\"authors\":\"J. Tölle, M. Jahnke, Michael Bussmann, Sven Henkel\",\"doi\":\"10.1109/IWIA.2005.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper presents an anomaly detection approach for application in Meta IDS environments, where locally generated event messages from several domains are centrally processed. The basic approach has been successfully used for detection of abnormal traffic structures in computer networks. It creates directed graphs from address specifications contained within event messages and generates clusterings of the graphs. Large differences between subsequent clusterings indicate anomalies. This anomaly detection approach is part of an intrusion warning system (IWS) for dynamic coalition environments. It is designed to indicate suspicious actions and tendencies and to provide decision support on how to react on anomalies. Real-world data, mixed with data from a simulated Internet worm, is used to analyze the system. The results prove the applicability of our approach.\",\"PeriodicalId\":247477,\"journal\":{\"name\":\"Third IEEE International Workshop on Information Assurance (IWIA'05)\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-03-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Third IEEE International Workshop on Information Assurance (IWIA'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWIA.2005.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Third IEEE International Workshop on Information Assurance (IWIA'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2005.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Meta IDS environments: an event message anomaly detection approach
This paper presents an anomaly detection approach for application in Meta IDS environments, where locally generated event messages from several domains are centrally processed. The basic approach has been successfully used for detection of abnormal traffic structures in computer networks. It creates directed graphs from address specifications contained within event messages and generates clusterings of the graphs. Large differences between subsequent clusterings indicate anomalies. This anomaly detection approach is part of an intrusion warning system (IWS) for dynamic coalition environments. It is designed to indicate suspicious actions and tendencies and to provide decision support on how to react on anomalies. Real-world data, mixed with data from a simulated Internet worm, is used to analyze the system. The results prove the applicability of our approach.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
