How do we effectively monitor for slow suspicious activities?

Harsha K. Kalutarage, Siraj A. Shaikh, Qin Zhou, Anne E. James

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

As computer networks scale up in size and traffic volume, detecting slow suspicious activity, deliberately designed to stay beneath the threshold, becomes ever more difficult. Simply storing all packet captures for analysis is not feasible due to computational constraints. Detecting such activity depends on maintaining traffic history over extended periods of time, and using it to distinguish between suspicious and innocent nodes. The doctoral work presented here aims to adopt a Bayesian approach to address this problem, and to examine the effectiveness of such an approach under different network conditions: multiple attackers, traffic volume, subnet configuration and traffic sampling. We provide a theoretical account of our approach and very early experimental results.

Original languageEnglish
Title of host publicationProceedings of the Doctoral Symposium at the International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
PublisherCEUR-WS
Pages36-40
Number of pages5
Volume965
Publication statusPublished - 2013
Externally publishedYes
EventInternational Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013 - Rocquencort, Paris, France
Duration: 27 Feb 201301 Mar 2013

Conference

ConferenceInternational Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
CountryFrance
CityParis
Period27/02/201301/03/2013

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'How do we effectively monitor for slow suspicious activities?'. Together they form a unique fingerprint.

Cite this