Abstract Details
Activity Number:
|
668
|
Type:
|
Topic Contributed
|
Date/Time:
|
Thursday, August 8, 2013 : 10:30 AM to 12:20 PM
|
Sponsor:
|
Section on Statistics in Epidemiology
|
Abstract - #310418 |
Title:
|
Intrusion as (Anti)Social Communication: Characterization and Detection
|
Author(s):
|
Natallia Katenka*+
|
Companies:
|
University of Rhode Island
|
Keywords:
|
|
Abstract:
|
A reasonable definition of intrusion is: entering a community to which one does not belong. This suggests that in a network, intrusion attempts may be detected by looking for communication that does not respect community boundaries. In this paper, we examine the utility of this concept for identifying malicious network sources. In particular, our goal is to explore whether this concept allows a core-network operator using flow data to augment signature-based systems located at network edges. We show that simple measures of communities can be defined for flow data that allow a remarkably effective level of intrusion detection simply by looking for flows that do not respect those communities. We validate our approach using labeled intrusion attempt data collected at a large number of edge networks. Our results suggest that community-based methods can offer an important additional dimension for intrusion detection systems.
|
Authors who are presenting talks have a * after their name.
Back to the full JSM 2013 program
|
2013 JSM Online Program Home
For information, contact jsm@amstat.org or phone (888) 231-3473.
If you have questions about the Continuing Education program, please contact the Education Department.
The views expressed here are those of the individual authors and not necessarily those of the JSM sponsors, their officers, or their staff.
Copyright © American Statistical Association.