Privacy-preserving payload-based correlation for accurate malicious traffic detection

Proceedings of the 2006 SIGCOMM Workshop on Large-scale Attack Defense, LSAD'06

Volumn 2006, Issue , 2006, Pages 99-106

  Parekh, Janak J ^a   Wang, Ke ^a   Stolfo, Salvatore J ^a  

^a 450 Computer Science Building ^*  (United States)

Author keywords

Anomaly detection; Distributed intrusion detection; Payload correlation; Privacy preservation; Signature generation

Indexed keywords

ANOMALY DETECTION; DISTRIBUTED INTRUSION DETECTION SYSTEMS (DIDS); PAYLOAD CORRELATION; PRIVACY PRESERVATION; SIGNATURE GENERATION;

CODES (SYMBOLS); CORRELATION METHODS; INTERNET PROTOCOLS; INTRUSION DETECTION; TELECOMMUNICATION TRAFFIC;

COMPUTER PRIVACY;

EID: 34248345975     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1162666.1162667     Document Type: Conference Paper

References (49)

1. R. Agrawal and R. Srikant. Privacy-Preserving Data Mining. In ACM SIGMOD, 2000.
2. K. G. Anagnostakis, M. B. Greenwald, S. Ioannidis, A. D. Keromytis, and D. Li. A Cooperative Immunization System for an Untrusting Internet. In IEEE International Conference on Networks, 2003.
3. M. Bawa, R. J. Bayardo Jr., and R. Agrawal. Privacy-Preserving Indexing of Documents on the Network. In VLDB, 2003.
4. S. M. Bellovin and W. R. Cheswick. Privacy-Enhanced Searches Using Encrypted Bloom Filters, 2004.
5. B. H. Bloom. Space/time trade-offs in Hash Coding with Allowable Errors. Communications of the ACM, 13(7):422-426, 1970.
6. F. Chang, W.-c. Feng, and K. Li. Approximate Caches for Packet Classification. In IEEE INFOCOM, 2004.
7. E. Cooke, F. Jahanian, and D. McPherson. The Zombie Roundup: Understanding, Detecting and Disrupting Botnets. In USENIX SRUTI Workshop, Cambridge, MA, 2005.
8. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In ACM SOSP, 2005.
9. G. Cretu, J. J. Parekh, K. Wang, and S. J. Stolfo. Intrusion and Anomaly Detection Model Exchange for Mobile Ad-Hoc Networks. In IEEE Consumer Communications and Networking Conference, Las Vegas, NV, 2006.
10. D. Dagon, C. Zou, and W. Lee. Modeling Botnet Propagation Using Time Zones. In Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2006.
11. T. Detristan, T. Ulenspiegel, Y. Malcom, and M. von Underduk. Polymorphic Shellcode Engine Using Spectrum Analysis, 2003.
12. S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood. Deep Packet Inspection using Parallel Bloom Filters. In IEEE Symposium on High Performance Interconnects (HOTI), 2003.
13. W. Du and M. Atallah. Secure Multi-Party Computation Problems and Their Applications: A Review and Open Problems. In New Security Paradigms Workshop, 2001.
14. L. Fan, P. Cao, J. Almeida, and A. Broder. Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol. In ACM SIGCOMM, 1998.
15. V. Frias-Martinez and S. J. Stolfo. BARTER: Profile Model Exchange for Behavior-based Access Control. Technical report, Columbia University, 2006. Submitted to conference.
16. Q. Huang, H. J. Wang, and N. Borisov. Privacy-Preserving Friends Troubleshooting Network. In NDSS, San Diego, CA, 2005.
17. R. Janakiraman, M. Waldvogel, and Q. Zhang. Indra: A peer-to-peer approach to network intrusion detection and prevention. In WETICE, 2003.
18. H.-A. Kim and B. Karp. Autograph: Toward Automated, Distributed Worm Signature Detection. In USENIX Security Symposium, San Diego, CA, 2004.
19. L. Kissner and D. Song. Privacy-Preserving Set Operations. In CRYPTO, 2005.
20. O. Kolesnikov, D. Dagon, and W. Lee. Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic, 2006.
21. C. Kreibich and J. Crowcroft. Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. In ACM Workshop on Hot Topics in Networks, Boston, MA, 2003.
22. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic Worm Detection Using Structural Information of Executables. In Symposium on Recent Advances in Intrusion Detection, Seattle, WA, 2005.
23. C. Kruegel, T. Toth, and C. Kerer. Decentralized Event Correlation for Intrusion Detection. In International Conference on Information Security and Cryptology, 2002.
24. Z. Liang and R. Sekar. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecing Servers. In ACM Conference on Computer and Communications Security, Alexandria, VA, 2005.
25. P. Lincoln, P. Porras, and V. Shmatikov. Privacy-Preserving Sharing and Correlation of Security Alerts. In USENIX Security, 2004.
26. M. E. Locasto, J. J. Parekh, A. D. Keromytis, and S. J. Stolfo. Towards Collaborative Security and P2P Intrusion Detection. In IEEE Information Assurance Workshop, West Point, NY, 2005.
27. M. E. Locasto, S. Sidiroglou, and A. D. Keromytis. Software Self-Healing Using Collaborative Application Communities. In Internet Society (ISOC) Symposium on Network and Distributed Systems Security, pages 95-106, San Diego, CA, 2006.
28. M. E. Locasto, K. Wang, A. D. Keromytis, and S. J. Stolfo. FLIPS: Hybrid Adaptive Intrusion Prevention. In Symposium on Recent Advances in Intrusion Detection, Seattle, WA, 2005.
29. J. Newsome, D. Brumley, and D. Song. Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. In Network and Distributed Security Symposium (NDSS), San Diego, CA, 2006.
30. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In IEEE Security and Privacy, Oakland, CA, 2005.
31. J. J. Parekh, K. Wang, and S. J. Stolfo. Privacy-Preserving Payload-Based Correlation for Accurate Malicious Traffic Detection. Technical report, 2006. http://mice.cs.columbia.edu/getTechreport.php?techreportID=409.
32. P. Porras and P. G. Neumann. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In National Information Systems Security Conference, 1997.
33. H. Project and R. Alliance. Know your Enemy: Tracking Botnets, 3/13/05 2005. http://www.honeynet.org/papers/bots/. [34] S. Singh, C. Estan, G. Varghese, and S. Savage. Automated Worm Fingerprinting. In 6th Symposium on Operating Systems Design and Implementation (OSDI '04), San Francisco, CA, 2004.
34. S. Staniford-Chen, S. Cheung, R. Crawford, and M. Dilger. GrIDS -A Graph Based Intrusion Detection System for Large Networks. In National Information Computer Security Conference, Baltimore, MD, 1996.
35. S. Staniford-Chen, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In USENIX Security, 2002.
36. S. J. Stolfo. Worm and Attack Early Warning: Piercing Stealthy Reconnaissance. IEEE Security and Privacy, 2004.
37. S. J. Stolfo, A. L. Prodromidis, S. Tselepis, W Lee, D. W. Fan, and P. Chan. JAM: Java Agents for Meta-Learning over Distributed Databases. In International Conference on Knowledge Discovery and Data Mining, Newport Beach, CA, 1997.
38. Y. Tang and S. Chen. Defending Against Internet Worms: A Signature-Based Approach. In IEEE Infocom, Miami, FL, 2005.
39. J. Ullrich. DShield home page, 2005. http://www.dshield.org.
40. D. Wagner and P. Soto. Mimicry Attacks on Host-Based Intrusion Detection Systems. In ACM CCS, 2002.
41. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. In ACM SIGCOMM, 2004.
42. H. J. Wang, J. C. Platt, Y. Chen, R. Zhang, and Y.-M. Wang. Automatic Misconfiguration Troubleshooting with PeerPressure. In OSDI, San Francisco, 2004.
43. K. Wang, G. Cretu, and S. J. Stolfo. Anomalous Payload-based Worm Detection and Signature Generation. In Symposium on Recent Advances in Intrusion Detection, Seattle, WA, 2005.
44. K. Wang, J. J. Parekh, and S. J. Stolfo. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. In Symposium on Recent Advances in Intrusion Detection, Hamburg, Germany, 2006.
45. K. Wang and S. J. Stolfo. Anomalous Payload-based Network Intrusion Detection. In Symposium on Recent Advances in Intrusion Detection, Sophia Antipolis, France, 2004.
46. D. Xu and P. Ning. Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach. In 21st Annual Computer Security Applications Conference, Tucson, AZ, 2005.
47. A. C. Yao. Protocols for Secure Computations. In IEEE Symposium on Foundations of Computer Science, 1982.
48. V. Yegneswaran, P. Barford, and S. Jha. Global Intrusion Detection in the DOMINO Overlay System. In NDSS, 2004.
49. V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An Architecture for Generating Semantics-Aware Signatures. In USENIX Security Symposium, 2005.