Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Harsha K. Kalutarage*, Siraj A. Shaikh, Indika P. Wickramasinghe, Qin Zhou, Anne E. James

*Corresponding author for this work

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Stealthy attackers move patiently through computer networks - taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of proposed method under number of different test cases and examines how design of the network affects the detection. A methodological way for tracing anonymous stealthy activities to their approximate sources is also presented. The Bayesian fusion along with traffic sampling is employed as a data reduction method. The proposed method has the ability to monitor stealthy activities using 10-20% size sampling rates without degrading the quality of detection.

Original languageEnglish
Pages (from-to)327-344
Number of pages18
JournalComputers and Electrical Engineering
Volume47
Early online date18 Jul 2015
DOIs
Publication statusPublished - 01 Oct 2015

Keywords

  • Anomaly detection
  • Bayesian fusion
  • Network simulation
  • Stealthy attacks
  • Traffic sampling

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering
  • Control and Systems Engineering

Fingerprint Dive into the research topics of 'Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks'. Together they form a unique fingerprint.

Cite this