Monitoring for slow suspicious activities using a target centric approach

Harsha K. Kalutarage, Siraj A. Shaikh, Qin Zhou, Anne E. James

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Slow, suspicious and increasingly sophisticated malicious activities on modern networks are incredibly hard to detect. Attacker tactics such as source collusion and source address spoofing are common. Effective attribution of attacks therefore is a real challenge. To address this we propose an approach to utilise destination information of activities together with a data fusion technique to combine the output of several information sources to a single profile score. The main contribution of the paper is proposing a radical shift to the focus of analysis. Experimental results offer a promise for target centric monitoring that does not have to rely on possible source aggregation.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 163-168
Number of pages: 6
Volume: 8303 LNCS
Publication status: Published - 2013
Externally published: Yes
Event: 9th International Conference on Information Systems Security, ICISS 2013 - Kolkata, India
Duration: 16 Dec 2013 to 20 Dec 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8303 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 9th International Conference on Information Systems Security, ICISS 2013
Country/Territory: India
City: Kolkata
Period: 16/12/2013 to 20/12/2013

ASJC Scopus subject areas

  • General Computer Science
  • Theoretical Computer Science
