S. D. Donald, R. V. McMillen, D. Ford, John C. McEachen
MILCOM 2002. Proceedings. Published 2002-10-07. DOI: 10.1109/MILCOM.2002.1179705 (https://doi.org/10.1109/MILCOM.2002.1179705). Citation count: 15.
Therminator 2: a thermodynamics-based method for real-time patternless intrusion detection
A novel system for conducting non-signature-based, or patternless, intrusion detection of computer networks is presented. The initial prototype has been installed at USA Pacific Command and Army Signal Command. This system uses principles of thermodynamics to model network conversation characteristics. Observing the properties of entropy, energy and temperature within the system develops a notion of baseline operating conditions. Perturbations in these properties are treated as potential intrusions for further investigation. System functions are decomposed into a network sensing device, a real-time processing component and a forensics component. State definitions for a variety of conditions are discussed. Finally, examples of valid intrusions and other network perturbations in real traffic collected in network operation center backbones are presented. Preliminary results indicate this system has significant potential for revealing anomalies in large network systems.