TY - GEN
T1 - Monitoring for slow suspicious activities using a target centric approach
AU - Kalutarage, Harsha K.
AU - Shaikh, Siraj A.
AU - Zhou, Qin
AU - James, Anne E.
PY - 2013
Y1 - 2013
N2 - Slow, suspicious and increasingly sophisticated malicious activities on modern networks are incredibly hard to detect. Attacker tactics such as source collusion and source address spoofing are common. Effective attribution of attacks therefore is a real challenge. To address this we propose an approach to utilise destination information of activities together with a data fusion technique to combine the output of several information sources to a single profile score. The main contribution of the paper is proposing a radical shift to the focus of analysis. Experimental results offer a promise for target centric monitoring that does not have to rely on possible source aggregation.
AB - Slow, suspicious and increasingly sophisticated malicious activities on modern networks are incredibly hard to detect. Attacker tactics such as source collusion and source address spoofing are common. Effective attribution of attacks therefore is a real challenge. To address this we propose an approach to utilise destination information of activities together with a data fusion technique to combine the output of several information sources to a single profile score. The main contribution of the paper is proposing a radical shift to the focus of analysis. Experimental results offer a promise for target centric monitoring that does not have to rely on possible source aggregation.
UR - http://www.scopus.com/inward/record.url?scp=84893081266&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-45204-8_12
DO - 10.1007/978-3-642-45204-8_12
M3 - Conference contribution
AN - SCOPUS:84893081266
SN - 9783642452031
VL - 8303 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 163
EP - 168
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
T2 - 9th International Conference on Information Systems Security, ICISS 2013
Y2 - 16 December 2013 through 20 December 2013
ER -