Abstract |
---|
The Science DMZ is a specialized network model developed to guarantee secure and efficient transfer of data for large-scale distributed research. To enable a high level of performance, the Science DMZ includes dedicated data transfer nodes (DTNs). Protecting these DTNs is crucial to maintaining the overall security of the network and the data, and insider attacks are a major threat. Although some limited network intrusion detection systems (NIDS) are deployed to monitor DTNs, this alone is not sufficient to detect insider threats. Monitoring for abnormal system behavior, such as unusual sequences of system calls, is one way to detect insider threats. However, the relatively predictable behavior of the DTN suggests that we can also detect unusual activity through monitoring system performance, such as CPU and disk usage, along with network activity. In this paper, we introduce a potential insider attack scenario, and show how readily available system performance metrics can be employed to detect data tampering within DTNs, using DBSCAN clustering to actively monitor for unexpected behavior. |

Field | Value |
---|---|
Year | 2020 |
DOI | 10.1109/CNS48642.2020.9162260 |
Venue | 2020 IEEE Conference on Communications and Network Security (CNS) |
Keywords | Science DMZ, data transfer node (DTN), scientific workflows, system performance metrics, computer security, insider attack, anomaly detection, machine learning, DBSCAN, clustering |
DocType | Conference |
ISSN | 2474-025X |
ISBN | 978-1-7281-4761-1 |
Citations | 0 |
PageRank | 0.34 |
References | 11 |
Authors | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Ross K. Gegan | 1 | 0 | 0.68 |
Brian Perry | 2 | 0 | 0.34 |
Dipak Ghosal | 3 | 2848 | 163.40 |
Matt Bishop | 4 | 34 | 5.74 |