Sciweavers

NSPW
2003
ACM

Locality: a new paradigm for thinking about normal behavior and outsider threat

14 years 4 months ago
Locality: a new paradigm for thinking about normal behavior and outsider threat
Locality as a unifying concept for understanding the normal behavior of benign users of computer systems is suggested as a unifying paradigm that will support the detection of malicious anomalous behaviors. The paper notes that locality appears in many dimensions and applies to such diverse mechanisms as the working set of IP addresses contacted during a web browsing session, the set of email addresses with which one customarily corresponds, the way in which pages are fetched from a web site. In every case intrusive behaviors that violate locality are known to exist and in some cases, the violation is necessary for the intrusive behavior to achieve its goal. If this observation holds up under further investigation, we will have a powerful way of thinking about security and intrusive activity. Categories and Subject Descriptors C.2 [Computer-Communications Networks]: Local and Wide-Area Networks; C.2.5 [Local and Wide-Area Networks]: Internet—observations of traffic characteristics G...
John McHugh, Carrie Gates
Added 05 Jul 2010
Updated 05 Jul 2010
Type Conference
Year 2003
Where NSPW
Authors John McHugh, Carrie Gates
Comments (0)