{"title":"预测网络入侵的时间序列分析","authors":"J. Nehinbe","doi":"10.1109/CIS.2011.6169144","DOIUrl":null,"url":null,"abstract":"Intrusion Detection Systems are fast-growing techniques for monitoring and garnering electronic evidences about suspicious activities that signify threats to computer systems. Generally, these mechanisms overwhelmingly describe and record patterns of suspicious packets as alerts in the form of intrusion logs. Thereafter, analysts must subsequently validate the content of each intrusion log to ascertain the validity of each alert. Secondly, high level of expertise is required to discern each alert. However, more time and resources are unduly spent at the expense of countermeasures that ought to be proactively initiated to thwart attacks in progress. Accordingly, TSA-Log analyzer that uses a computationally fast technique and a uniform baseline to determine patterns of intrusions is proposed in this paper. Validations that are carried out on five publicly available datasets demonstrate that propagation strategies of intrusions, efficient countermeasures and the extent of similarity of intrusions can be forecasted giving the knowledge of the patterns of alerts in intrusion logs.","PeriodicalId":286889,"journal":{"name":"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Time series analyses for forecasting network intrusions\",\"authors\":\"J. Nehinbe\",\"doi\":\"10.1109/CIS.2011.6169144\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion Detection Systems are fast-growing techniques for monitoring and garnering electronic evidences about suspicious activities that signify threats to computer systems. Generally, these mechanisms overwhelmingly describe and record patterns of suspicious packets as alerts in the form of intrusion logs. Thereafter, analysts must subsequently validate the content of each intrusion log to ascertain the validity of each alert. Secondly, high level of expertise is required to discern each alert. However, more time and resources are unduly spent at the expense of countermeasures that ought to be proactively initiated to thwart attacks in progress. Accordingly, TSA-Log analyzer that uses a computationally fast technique and a uniform baseline to determine patterns of intrusions is proposed in this paper. Validations that are carried out on five publicly available datasets demonstrate that propagation strategies of intrusions, efficient countermeasures and the extent of similarity of intrusions can be forecasted giving the knowledge of the patterns of alerts in intrusion logs.\",\"PeriodicalId\":286889,\"journal\":{\"name\":\"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS.2011.6169144\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.2011.6169144","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Time series analyses for forecasting network intrusions
Intrusion Detection Systems are fast-growing techniques for monitoring and garnering electronic evidences about suspicious activities that signify threats to computer systems. Generally, these mechanisms overwhelmingly describe and record patterns of suspicious packets as alerts in the form of intrusion logs. Thereafter, analysts must subsequently validate the content of each intrusion log to ascertain the validity of each alert. Secondly, high level of expertise is required to discern each alert. However, more time and resources are unduly spent at the expense of countermeasures that ought to be proactively initiated to thwart attacks in progress. Accordingly, TSA-Log analyzer that uses a computationally fast technique and a uniform baseline to determine patterns of intrusions is proposed in this paper. Validations that are carried out on five publicly available datasets demonstrate that propagation strategies of intrusions, efficient countermeasures and the extent of similarity of intrusions can be forecasted giving the knowledge of the patterns of alerts in intrusion logs.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
