Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Harsha K. Kalutarage*, Siraj A. Shaikh, Indika P. Wickramasinghe, Qin Zhou, Anne E. James

*Corresponding author for this work

Research output: Contribution to journal › Article

5 Citations (Scopus)

Abstract

Stealthy attackers move patiently through computer networks, taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of the proposed method under a number of different test cases and examines how the design of the network affects detection. A methodological way of tracing anonymous stealthy activities to their approximate sources is also presented. Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% sampling rates without degrading the quality of detection.

Original language: English
Pages (from-to): 327-344
Number of pages: 18
Journal: Computers and Electrical Engineering
Volume: 47
Early online date: 18 Jul 2015
DOI: 10.1016/j.compeleceng.2015.07.007
Publication status: Published - 01 Oct 2015


Keywords

  • Anomaly detection
  • Bayesian fusion
  • Network simulation
  • Stealthy attacks
  • Traffic sampling

Cite this

Kalutarage, Harsha K.; Shaikh, Siraj A.; Wickramasinghe, Indika P.; Zhou, Qin; James, Anne E. / Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks. In: Computers and Electrical Engineering. 2015; Vol. 47. pp. 327-344.
@article{f08f3d628acd484c862698e8b30c374f,
title = "Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks",
abstract = "Stealthy attackers move patiently through computer networks, taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of the proposed method under a number of different test cases and examines how the design of the network affects detection. A methodological way of tracing anonymous stealthy activities to their approximate sources is also presented. Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20{\%} sampling rates without degrading the quality of detection.",
keywords = "Anomaly detection, Bayesian fusion, Network simulation, Stealthy attacks, Traffic sampling",
author = "Kalutarage, {Harsha K.} and Shaikh, {Siraj A.} and Wickramasinghe, {Indika P.} and Qin Zhou and James, {Anne E.}",
year = "2015",
month = "10",
day = "1",
doi = "10.1016/j.compeleceng.2015.07.007",
language = "English",
volume = "47",
pages = "327--344",
journal = "Computers and Electrical Engineering",
issn = "0045-7906",
publisher = "Elsevier Limited",

}


TY - JOUR

T1 - Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

AU - Kalutarage, Harsha K.

AU - Shaikh, Siraj A.

AU - Wickramasinghe, Indika P.

AU - Zhou, Qin

AU - James, Anne E.

PY - 2015/10/1

Y1 - 2015/10/1

N2 - Stealthy attackers move patiently through computer networks, taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of the proposed method under a number of different test cases and examines how the design of the network affects detection. A methodological way of tracing anonymous stealthy activities to their approximate sources is also presented. Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% sampling rates without degrading the quality of detection.

AB - Stealthy attackers move patiently through computer networks, taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of the proposed method under a number of different test cases and examines how the design of the network affects detection. A methodological way of tracing anonymous stealthy activities to their approximate sources is also presented. Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% sampling rates without degrading the quality of detection.

KW - Anomaly detection

KW - Bayesian fusion

KW - Network simulation

KW - Stealthy attacks

KW - Traffic sampling

UR - http://www.scopus.com/inward/record.url?scp=84937142760&partnerID=8YFLogxK

U2 - 10.1016/j.compeleceng.2015.07.007

DO - 10.1016/j.compeleceng.2015.07.007

M3 - Article

AN - SCOPUS:84937142760

VL - 47

SP - 327

EP - 344

JO - Computers and Electrical Engineering

JF - Computers and Electrical Engineering

SN - 0045-7906

ER -