Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Harsha K. Kalutarage; Siraj A. Shaikh; Indika P. Wickramasinghe; Qin Zhou; Anne E. James

doi:10.1016/j.compeleceng.2015.07.007

Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Harsha K. Kalutarage^*, Siraj A. Shaikh, Indika P. Wickramasinghe, Qin Zhou, Anne E. James

^*Corresponding author for this work

School of Electronics, Electrical Engineering and Computer Science

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)

Abstract

Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

Original language	English
Pages (from-to)	327-344
Number of pages	18
Journal	Computers & Electrical Engineering
Volume	47
Early online date	18 Jul 2015
DOIs	https://doi.org/10.1016/j.compeleceng.2015.07.007
Publication status	Published - 01 Oct 2015

Keywords

Anomaly detection
Bayesian fusion
Network simulation
Stealthy attacks
Traffic sampling

ASJC Scopus subject areas

General Computer Science
Electrical and Electronic Engineering
Control and Systems Engineering

Access to Document

10.1016/j.compeleceng.2015.07.007

Cite this

@article{f08f3d628acd484c862698e8b30c374f,

title = "Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks",

abstract = "Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.",

keywords = "Anomaly detection, Bayesian fusion, Network simulation, Stealthy attacks, Traffic sampling",

author = "Kalutarage, {Harsha K.} and Shaikh, {Siraj A.} and Wickramasinghe, {Indika P.} and Qin Zhou and James, {Anne E.}",

year = "2015",

month = oct,

day = "1",

doi = "10.1016/j.compeleceng.2015.07.007",

language = "English",

volume = "47",

pages = "327--344",

journal = "Computers & Electrical Engineering",

issn = "0045-7906",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

AU - Kalutarage, Harsha K.

AU - Shaikh, Siraj A.

AU - Wickramasinghe, Indika P.

AU - Zhou, Qin

AU - James, Anne E.

PY - 2015/10/1

Y1 - 2015/10/1

N2 - Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

AB - Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

KW - Anomaly detection

KW - Bayesian fusion

KW - Network simulation

KW - Stealthy attacks

KW - Traffic sampling

UR - http://www.scopus.com/inward/record.url?scp=84937142760&partnerID=8YFLogxK

U2 - 10.1016/j.compeleceng.2015.07.007

DO - 10.1016/j.compeleceng.2015.07.007

M3 - Article

AN - SCOPUS:84937142760

SN - 0045-7906

VL - 47

SP - 327

EP - 344

JO - Computers & Electrical Engineering

JF - Computers & Electrical Engineering

ER -

Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this