Abstract | ||
---|---|---|
Remote access to distributed hyper-linked informationproves to be one of the killer applications for computernetworks. More and more content in current inter and intranets is available as hyper-data, a form easing its distributionand semantic organization.In the framework of the Internet's Web-Portals and Pay-Sites, mechanisms for login based on username and passwordenable the dynamic customization as well as partial protectionof the content. In other applications (e.g.commercial intra-nets) various similar schemes of authentication are deployed.Nevertheless, stolen passwords are an easy avenue toidentity theft, in both public and commercial data networks.Once a perpetrator enters a system, assuming an authorizeduser's identity, the task of actually detecting this intrusionbecomes non-trivial and is often ignored completely.Thus, in addition to the initial authentication step wepropose a runtime intrusion detection mechanism, required tomaintain a virtually continuous user authentication processand detect identity theft and password misuses.The current paper focuses on designing a pervasiveintrusion detection method for hyper-data systems, based ontraining on and analyzing of access patterns to hyper-linkeddata, aiming at detecting intruders and raising a red flagat the content provider's side. Our solution is based ona new technique, on-the-fly adaptive training for normalityon streams of data access patterns. This enables runtimeintrusion detection through analysis of correlations betweencurrent patterns and the adaptive past-knowledge. Such amethod is to be used in conjunction with current username-password protection schemes. We introduce the motivationbehind our solution, discuss the novel detection and trainingmetrics and propose a real-life deployment design. Weimplement the main algorithm and perform experiments forassessing its intrusion detection ability, with very encouragingresults. We also discuss the deployment of our method fordetecting automatic spam-bot accesses. |
Year | DOI | Venue |
---|---|---|
2003 | 10.1109/ITCC.2003.1197549 | ITCC '03 Proceedings of the International Conference on Information Technology: Computers and Communications |
Keywords | Field | DocType |
web portals,current inter,continuous user authentication,on-the-fly intrusion detection,runtimeintrusion detection,content provider,novel detection,runtime intrusion detection mechanism,pervasiveintrusion detection method,access pattern,automatic spam-bot access,intrusion detection ability,internet,computer network,information retrieval,identity theft,pattern analysis,authorisation,application software,authentication,computer networks,intrusion detection,distributed computing,data access | Host-based intrusion detection system,Authentication,Computer science,Computer security,Login,Identity theft,Computer network,Password,Data access,Intrusion detection system,The Internet | Conference |
ISBN | Citations | PageRank |
0-7695-1916-4 | 3 | 0.63 |
References | Authors | |
5 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Radu Sion | 1 | 1252 | 81.36 |
Mikhail J. Atallah | 2 | 3828 | 340.54 |
Sunil Prabhakar | 3 | 2664 | 152.75 |