Published in: Cluster Computing 1/2015

01.03.2015

Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligence

Authors: D. Shalini Punithavathani, K. Sujatha, J. Mark Jain


Abstract

The insider threat is minimally addressed by current information security practices, yet the insider poses the most serious threat to an organization through various malicious activities. Forensic investigation is a technique used to prove the presence of a malicious insider with digital evidence. The proposed surveillance mechanism for countering insider threats operates in two phases. In phase one, the network is monitored for incoming and outgoing packets. Since information is transferred in packets, these packets are monitored and captured and their important features are extracted. By investigating the captured packets, information related to suspicious activities can be obtained. In phase two, we mine various log files, which are considered to possess vital traces of information once an insider attack has been performed. The log files are analysed in order to extract the key patterns from them. The patterns extracted from the log files are further processed: the suspicious data patterns are grouped into clusters to trace the anomaly, and they are classified as legal or anomalous patterns with the help of a KNN classifier. If an anomaly is traced, the user's past activities are referred to and a cross-check is made against the features of the captured packets; computational intelligence based on Dempster–Shafer theory is then applied to prove, with digital evidence, the presence of a malicious insider in the critical network with utmost accuracy.
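The abstract describes a pipeline in which a KNN classifier labels log-derived patterns, a cross-check against captured packet features supplies a second opinion, and Dempster–Shafer theory fuses the two into a belief that a malicious insider is present. The following is an added example of that fusion step written for this page; it is not the authors' code. The training patterns, packet indicators, thresholds, source reliabilities and feature names are all constructed assumptions chosen to make the mechanics visible, not values from the paper.

```python
"""Toy two-source insider-threat assessment: KNN on log patterns plus a
packet-feature cross-check, combined with Dempster's rule of combination.
Example code added for illustration; not the paper's implementation."""
from collections import Counter
from itertools import product
import math

# Constructed training set (assumption): per-user log-derived pattern
# (logins_per_hour, failed_logins, bytes_out_mb, off_hours_ratio) with label.
TRAINING = [
    ((2, 0, 5, 0.0), "legal"), ((3, 1, 8, 0.1), "legal"),
    ((1, 0, 2, 0.0), "legal"), ((4, 0, 12, 0.2), "legal"),
    ((2, 1, 6, 0.05), "legal"),
    ((12, 6, 800, 0.9), "anomaly"), ((9, 4, 450, 0.8), "anomaly"),
    ((15, 8, 1200, 1.0), "anomaly"), ((8, 3, 300, 0.7), "anomaly"),
]

def feature_ranges(training):
    """Per-feature (min, max) so that byte counts do not swamp ratios."""
    cols = list(zip(*(p for p, _ in training)))
    return [(min(c), max(c)) for c in cols]

def scale(pattern, ranges):
    return tuple((x - lo) / (hi - lo) if hi > lo else 0.0
                 for x, (lo, hi) in zip(pattern, ranges))

def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def knn_vote(pattern, k=3, training=TRAINING):
    """Phase two: label a log pattern by majority vote of its k neighbours.
    Returns (label, fraction of neighbours that agreed)."""
    ranges = feature_ranges(training)
    scaled = [(scale(p, ranges), label) for p, label in training]
    q = scale(pattern, ranges)
    neighbours = sorted(scaled, key=lambda t: euclid(q, t[0]))[:k]
    label, count = Counter(l for _, l in neighbours).most_common(1)[0]
    return label, count / k

# Frame of discernment for Dempster-Shafer: the user is malicious or benign.
M, B = "malicious", "benign"
THETA = frozenset({M, B})

def mass_from_knn(label, agreement, reliability=0.8):
    """Turn the KNN vote into a mass function; the discount for source
    reliability (assumed 0.8) is left as uncertainty on THETA."""
    support = agreement * reliability
    target = frozenset({M}) if label == "anomaly" else frozenset({B})
    return {target: support, THETA: 1.0 - support}

def mass_from_packets(f, reliability=0.7):
    """Phase-one cross-check on captured-packet features (constructed
    indicators): unexpected port, outbound volume far above the user's
    baseline, transfer outside working hours."""
    indicators = [
        f["dst_port"] not in f["allowed_ports"],
        f["bytes_out"] > 10 * f["user_baseline_bytes_out"],
        f["hour"] < 6 or f["hour"] > 22,
    ]
    fired = sum(indicators) / len(indicators)
    return {frozenset({M}): fired * reliability,
            frozenset({B}): (1.0 - fired) * reliability,
            THETA: 1.0 - reliability}

def dempster_combine(m1, m2):
    """Dempster's rule: m(A) = sum over X&Y==A of m1(X)m2(Y) / (1 - K),
    where K is the mass assigned to contradictory pairs."""
    combined, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if not inter:
            conflict += ma * mb
        else:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
    if conflict >= 1.0:
        raise ValueError("total conflict: the two sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in combined.items()}, conflict

def belief(m, hypothesis):
    """Bel(H): total mass on subsets of H."""
    return sum(v for k, v in m.items() if k <= hypothesis)

def investigate(log_pattern, packet_features, k=3):
    label, agreement = knn_vote(log_pattern, k)
    fused, conflict = dempster_combine(mass_from_knn(label, agreement),
                                       mass_from_packets(packet_features))
    return {"knn_label": label, "conflict": conflict,
            "belief_malicious": belief(fused, frozenset({M})),
            "belief_benign": belief(fused, frozenset({B}))}

if __name__ == "__main__":
    pkt = {"dst_port": 4444, "allowed_ports": {22, 80, 443}, "hour": 2,
           "bytes_out": 900_000_000, "user_baseline_bytes_out": 50_000_000}
    print(investigate((11, 5, 700, 0.85), pkt))
```

The conflict value returned alongside the fused masses is worth surfacing to an analyst: a high K means the log-based and packet-based sources disagree, and Dempster's normalisation can then produce confident-looking beliefs from weak evidence, so a case with large conflict should be treated as "needs review" rather than "proven".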


Metadata
Title
Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligence
Authors
D. Shalini Punithavathani
K. Sujatha
J. Mark Jain
Publication date
01.03.2015
Publisher
Springer US
Published in
Cluster Computing / Issue 1/2015
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-014-0403-y
