Sciweavers

AAAI
2006

When Gossip is Good: Distributed Probabilistic Inference for Detection of Slow Network Intrusions

Intrusion attempts due to self-propagating code are becoming an increasingly urgent problem, in part due to the homogeneous makeup of the internet. Recent advances in anomaly-based intrusion detection systems (IDSs) have made use of the quickly spreading nature of these attacks to identify them with high sensitivity and at low false positive (FP) rates. However, slowly propagating attacks are much more difficult to detect because they are cloaked under the veil of normal network traffic, yet can be just as dangerous due to their exponential spread pattern. We extend the idea of using collaborative IDSs to corroborate the likelihood of attack by imbuing end hosts with probabilistic graphical models and using random messaging to gossip state among peer detectors. We show that such a system is able to boost a weak anomaly detector D to detect an order-of-magnitude slower worm, at false positive rates less than a few per week, than would be possible using D alone at the end-host or on a ne...
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2006
Where AAAI
Authors Denver Dash, Branislav Kveton, John Mark Agosta, Eve M. Schooler, Jaideep Chandrashekar, Abraham Bachrach, Alex Newman