An attack-norm separation approach for detecting cyber attacks

Information Systems Frontiers

Volumn 8, Issue 3, 2006, Pages 163-177

  Ye, Nong ^a,b,c,d,e   Farley, Toni ^a,e,f   Lakshminarasimhan, Deepak ^a,f  

^a ARIZONA STATE UNIVERSITY   (United States)

^b Department of Industrial Engineering ^*  (United States)

^c Arizona State University   (United States)

^d ASU   (United States)

^e IEEE   (United States)

^f Information and Systems Assurance Laboratory   (United States)

Author keywords

Computer and network security; Cyber attacks; Intrusion detection; Signal detection; Signal processing

Indexed keywords

ATTACK-NORM SEPARATION APPROACH; COMPUTER AND NETWORK SECURITY; CYBER ATTACKS; INTRUSION DETECTION;

COMPUTER SYSTEM FIREWALLS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; INTERNET; SIGNAL DETECTION; SIGNAL PROCESSING; SPURIOUS SIGNAL NOISE;

COMPUTER CRIME;

EID: 33745925265     PISSN: 13873326     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10796-006-8731-y     Document Type: Article

References (31)

1. Atlas L, Duhamel P. Recent developments in the core of digital signal processing. IEEE Signal Processing Magazine 1999; 16(1):16-31.
2. Bailey TC, Sapatinas T, Powell KJ, Krzanowski WJ. Signal detection in underwater sound using wavelets. Journal of the American Statistical Association 1998;93(441):73-83.
3. Botella F, Rosa-Herranz J, Giner JJ, Molina S, Galiana-Merino JJ. A real-time earthquake detector with prefiltering by wavelets. Computers & Geosciences 2003;29(7):911-919.
4. Box G, Luceno A. Statistical Central by Monitoring and Feedback Adjustment. New York: John Wiley & Sons, 1997.
5. Fan W, Miller M, Stolfo S, Lee W, Chan P. Using artificial anomalies to detect unknown and known network intrusions. In: Proceedings of The First IEEE International Conference on Data Mining. San Jose, CA, 2001.
6. Garvey T, Lunt T. Model-based intrusion detection. In 14th National Computer Security Conference (NCSC). Baltimore, Maryland, 1991.
7. Ghosh A, Schwartzbard A, Schatz M. Learning program behavior profiles for intrusion detection. In 1st USENIX Workshop on Intrusion Detection and Network Monitoring. Santa Clara, CA, 1999.
8. Jain AK, Duin P, Mao J. Statistical pattern recognition: Review. IEEE Transactions on Pattern Analysis and Machine Intelligence 2000;22(1):4-37.
9. Johnson RA, Wichern DW. Applied Multivariate Statistical Analysis. Upper Saddle River, New Jersey: Prentice Hall, 1998.
10. Kruegel C, Vigna G. Anomaly detection of web-based attacks. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS '03). Washington, DC, ACM Press, 2003:251-261.
11. Lakshminarasimhan DK. Wavelet based cyber attack detection. Master's Thesis, Arizona State University, November 2005.
12. Lane T, Brodley C. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security August 1999;2(3):295-331.
13. Lee W, Stolfo S, Chan P, Eskin E, Fan W, Miller M, Hershkop S, Zhang J. Real time data mining-based intrusion detection. In: Proceedings of the 2001 DARPA Information Survivability Conference and Exposition (DISCEX11). Anaheim, CA, 2001.
14. Lee W, Stolfo S, Mok K. A Data Mining framework for building intrusion detection models. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, CA, 1999.
15. Lee W, Stolfo S, Mok K. Adaptive intrusion detection: A data mining approach, In: Artificial Intelligence Review. Kluwer Academic Publishers, December 2000;14(6):533-567.
16. Lee W, Stolfo S, Mok K. Mining audit data to build intrusion detection models. In: Proceedings of the 4th International Conference on Knowledge Discovery and Data Mining (KDD '98). New York, NY, 1998
17. Lee W, Stolfo S. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security 2000;3(4).
18. Lunt T. Automated audit trail analysis and intrusion detection: A survey. In: 14th National Computer Security Conference (NCSC), Baltimore, MD, 1988.
19. Proctor PE. Practical Intrusion Detection HandBook. 3rd edn. Prentice Hall, 2001.
20. Skoudis E. Counter Hack. Upper Saddle River, New Jersey, Prentice Hall PTR, 2002.
21. Vigna G, Robertson W, Kher V, Kemmerer RA. A stateful intrusion detection system for world-wide web servers. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC). Las Vegas, NV, 2003;34-43.
22. Warrander C, Forrest S, Pearlmutter B. Dectecting intrusions using system calls: alternative data models. IEEE Symposium on Security and Privacy. Oakland, CA, 1999.
23. Ye N. QoS-centric stateful resource management in information systems. Information Systems Frontiers 2002;4(2): 149-160.
24. Ye N. (ed.). The Handbook of Data Mining. Mahwah, New Jersey: Lawrence Erlbaum Associates, 2003.
25. Ye N. Mining computer and network security data. In: Ye N. eds., The Handbook of Data Mining. Mahwah, New Jersey: Lawrence Erlbaum Associates, 2003;617-636.
26. Ye N, Bashettihalli H, Parley T. "Attack profiles to derive data observations, features, and characteristics of cyber attacks." Information, Knowledge, Systems Management 2005-2006;5(1):23-47.
27. Ye N. Chen Q. Computer intrusion detection through EWMA for autocorrelated and uncorrelated data. IEEE Transactions on Reliability 2003;52(1):73-82.
28. Ye N, Chen Q. Computer intrusion detection through EWMA for autocorrelated and uncorrelated data. IEEE Transactions on Reliability 2003:52(1):73-82.
29. Ye N, Jearkpaporn D, Lakshminarasimhan DK. Extraction and detection of signal features and characteristics in the physical space: Towards signal detection in the Cyberspace. Proceedings of the IEEE, (in review).
30. Ye N, Li X, Chen Q, Emran SM, Xu M. Probabilistic techniques for intrusion detection based on computer audit data. IEEE Transactions on Systems, Man, and Cybernetics 2001;31(4):266-274.
31. Ye N. Napatkamon A, Farley T. Correlations of activity, state and performance data on computers and networks in attack and normal conditions. IEEE Transactions on Dependable and Secure Computing (in review).