Context-aware security utilizes external data, such as the time of day or user information, to improve its capability of detecting a security breach. In this paper we present a context-aware security framework based on a Traffic Anomaly Detection Indicator (TADI), which indicates when a threat can occur. The main novelty of our approach is that we use as context the time-based information derived from profile analysis of a typical day, so as to determine more accurately whether an anomaly is present based on the time of day at which it occurs. This 24-h typical-day analysis lets us take into account the time interval (night-time, working hours, etc.) in which a potential threat occurs, in contrast to traditional detection of sudden peak changes. First, a preliminary analysis based on historical data shows how traffic typically behaves in each particular period of the day. We subsequently calibrate our procedure by checking the effectiveness of different algorithms, so that we know which ones perform better in each period of the day. Finally, the TADI is calculated from the time-based contextual information. We also present results based on actual traffic traces collected on a university campus that show the effectiveness of the proposed method.
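The following is an added illustration (not the paper's code) of the time-of-day idea behind the approach: traffic is scored against the typical-day profile of the period it falls in rather than against a single all-day baseline, so a volume that is unremarkable over the whole day stands out at 03:00. The paper's actual TADI formula and calibration are not given in the abstract; the per-period z-score, the period boundaries and the sample volumes below are assumptions.

```python
"""Time-of-day contextual baselines for traffic anomaly scoring (illustrative)."""
from statistics import mean, pstdev

# Assumed period boundaries; the abstract only names night-time and working hours.
def period_of(hour):
    if hour < 8:
        return "night"
    if hour < 19:
        return "working"
    return "evening"

# Constructed history: 7 days of hourly volumes (MB) with a small per-day offset,
# so every period has a known mean and a standard deviation of exactly 10 MB.
def build_history(days=7):
    base = {"night": 50, "working": 400, "evening": 150}
    return [(h, base[period_of(h)] + 5 * (d - 3))
            for d in range(days) for h in range(24)]

def build_profile(history):
    """Typical-day profile: (mean, stddev) of volume for each period of the day."""
    by_period = {}
    for hour, volume in history:
        by_period.setdefault(period_of(hour), []).append(volume)
    return {p: (mean(v), pstdev(v)) for p, v in by_period.items()}

def context_score(profile, hour, volume):
    """Deviation of an observation from the baseline of its own period."""
    mu, sigma = profile[period_of(hour)]
    return (volume - mu) / sigma

def global_score(history, volume):
    """Context-free comparison: one baseline for the whole day (the 'sudden peak' view)."""
    volumes = [v for _, v in history]
    return (volume - mean(volumes)) / pstdev(volumes)

def is_anomalous(profile, hour, volume, threshold=3.0):
    """Flag an observation whose contextual deviation exceeds the threshold."""
    return abs(context_score(profile, hour, volume)) > threshold

if __name__ == "__main__":
    hist = build_history()
    prof = build_profile(hist)
    # 300 MB at 03:00: well within the all-day spread, but 25 sigma above night-time.
    print(round(global_score(hist, 300), 2), round(context_score(prof, 3, 300), 2))
    # 410 MB at 12:00 is ordinary for working hours and is not flagged.
    print(is_anomalous(prof, 12, 410))
```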
- Context-aware security framework based on Traffic Anomaly Detection Indicator
- Springer US