DOI: 10.1145/2488222.2488276
Event stream database based architecture to detect network intrusion: (industry article)

Published: 29 June 2013 Publication History

Abstract

This paper presents a novel network intrusion detection architecture built on a real-time streaming database platform. The architecture addresses both misuse and anomaly detection and is built to handle the high data volume, velocity and variety of traffic seen in enterprise networks through the use of in-memory stream processing. Traditional intrusion pattern detection systems look at the internal attributes of individual events to determine malicious intent; our architecture supports and extends that paradigm by adding the ability to detect both malicious and anomalous intrusion patterns in multi-step event sequences. The approach uses context-based stream partitioning to minimize noise in input streams. The solution employs event labeling to reduce the dimensionality and manage the complexity of raw input streams. The architecture allows alerts from an ensemble of detectors to be aggregated, providing a more reliable result by minimizing false positives. Furthermore, it allows domain experts to define high-level rules to filter trivial alerts. In this publication we present the internals of our architecture and its merits, along with a detailed description of our reference implementation.

      Published In

      DEBS '13: Proceedings of the 7th ACM international conference on Distributed event-based systems
      June 2013, 360 pages
      ISBN: 9781450317580
      DOI: 10.1145/2488222

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. intrusion detection
      2. real-time pattern detection
      3. stream database

      Qualifiers

      • Research-article

      Conference

      DEBS '13

      Acceptance Rates

      DEBS '13 Paper Acceptance Rate 16 of 58 submissions, 28%;
      Overall Acceptance Rate 145 of 583 submissions, 25%

      Cited By

      • (2021) Event stream classification with limited labeled data for e-commerce monitoring. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), pp. 796-806. DOI: 10.1109/QRS54544.2021.00089. Online publication date: Dec 2021.
      • (2018) A Systematic Mapping Study on Intrusion Alert Analysis in Intrusion Detection Systems. ACM Computing Surveys 51(3), pp. 1-41. DOI: 10.1145/3184898. Online publication date: 22 Jun 2018.
      • (2017) Evolution of a Stream Transformation DSL. Proceedings of the 2nd International Workshop on Real World Domain Specific Languages, pp. 1-10. DOI: 10.1145/3039895.3039897. Online publication date: 4 Feb 2017.
      • (2015) Improving network traffic acquisition and processing with the Java Virtual Machine. 2015 IEEE Symposium on Computers and Communication (ISCC), pp. 347-352. DOI: 10.1109/ISCC.2015.7405539. Online publication date: Jul 2015.