Identifying compromised users in shared computing infrastructures: A data-driven Bayesian network approach

Proceedings of the IEEE Symposium on Reliable Distributed Systems

Volumn , Issue , 2011, Pages 127-136

  Pecchia, Antonio ^a   Sharma, Aashish ^b   Kalbarczyk, Zbigniew ^b   Cotroneo, Domenico ^a   Iyer, Ravishankar K ^b  

^a UNIVERSITY OF NAPLES FEDERICO II   (Italy)

^b UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Bayesian network; correlation; credential stealing; intrusion detection; security

Indexed keywords

AUTHENTICATION PROTOCOLS; COMPUTING INFRASTRUCTURES; CREDENTIAL STEALING; DATA-DRIVEN; FALSE POSITIVE; GROWING DEMAND; HIGH-PERFORMANCE COMPUTING; INCIDENT DATA; KEY CHARACTERISTICS; LEGITIMATE USERS; MONITORING TOOLS; NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS; PUBLIC NETWORKS; SECURITY; SECURITY INCIDENT; SECURITY TOOLS; STORAGE CAPABILITY; UNIVERSITY OF ILLINOIS;

BAYESIAN NETWORKS; COMPUTER SOFTWARE SELECTION AND EVALUATION; INTRUSION DETECTION; NETWORK SECURITY; OPTICAL CORRELATION;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 83155160991     PISSN: 10609857     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SRDS.2011.24     Document Type: Conference Paper

References (25)

1. http://www.top500.org - TOP 500 List.
2. J. Zhou, M. Heckman, B. Reynolds, A. Carlson, M. Bishop, "Modeling network intrusion detection alerts for correlation", ACM Transactions on Information and System Security, 10(1), 2007.
3. R. Vaarandi "SEC - A Lightweight event correlation tool", in Proc. of IEEE IPOM'02, 2002.
4. A. Sharma, Z. Kalbarczyk, J. Barlow, R. Iyer, "Analysis of Security Data from a Large Computing Organization", in Proc. of the International Conference on Dependable Systems and Networks, 2011, 506-517.
5. F. Jensen, "Bayesian Networks and Decision Graphs", Springer, New York, USA, 2001.
6. J. Pearl, "Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference", Morgan Kaufmann, 1997.
7. http://www.ncsa.illinois.edu/BlueWaters - National Center for Supercomputing Applications, Blue Waters project.
8. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, M. Zaharia, "A view of cloud computing", Commun. ACM 53, 4, April 2010, 50-58.
9. W. Mendenhall, T. Sincich, "Statistic for the Engineering and Computer Sciences", 2nd ed., San Francisco, CA, Dellen, 1988.
10. T. Holz, M. Engelberth, F. Freiling, "Learning More About the Underground Economy: a Case-Study of Keyloggers and Dropzones", Reihe Informatik TR-2008-006, University of Mannheim, Germany.
11. R. Oppliger, R. Rytz, T. Holderegger, "Internet Banking: Client-Side Attacks and Protection Mechanisms", IEEE Computer Security, 42(6), June 2009.
12. F. Weimer, "New openssl packages fix predictable random number generator" (http://lists.debian.org/debian-security-announce).
13. S.E. Schechter, J. Jung, W. Stockwell, C. Mclain, "Inoculating SSH Against Address-Harvesting Worms".
14. N. Haller, "The S/KEY One-Time Password System", in Proc. of the Internet Society Symposium on Network and Distributed Systems, 1994.
15. N. Provos, "A Virtual Honeypot Framework", USENIX Security Symposium, USENIX, 2004.
16. M. Cukier, R. Berthier, S. Panjwani, S. Tan, "A Statistical Analysis of Attack Data to Separate Attacks", in Proc. of the International Conference on Dependable Systems and Networks, 2006, 383-392.
17. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, S. Stolfo, "A generic framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data", in Data Mining for Security Applications, Kluwer, 2002.
18. B. Schneier, "Two-factor authentication: too little, too late", Communications of the ACM, 48(4), 2005.
19. M. Frigault, L. Wang, "Measuring Network Security Using Bayesian- Network-based Attack Graphs", STPSA 2008.
20. G. Modelo-Howard, S. Bagchi, G. Lebanon, "Determining Placement of Intrusion Detectors for a Distributed Application through Bayesian Network modeling". RAID, September 2008.
21. R. Dantu, P. Kolan. "Risk management using behavior based bayesian netowrks". IEEE Int.l Conf. on Intelligence and Security Informatics, May 2005.
22. P. Xie, J.H. Li, X. Ou, P. Liu, R. Levy, "Using Bayesian Networks for Cyber Security Analysis", in Proc. of the International Conference on Dependable Systems and Networks, 2010, 211-220.
23. P.G. Bringas, "Intensive use of Bayesian belief networks for the unified, flexible, and adaptable analysis of misuses and anomalies in network intrusion detection and prevention systems", in Proc. of the 18th Int.l Conf- on Database and Expert Systems Applications, 2002.
24. C. Kruegel, D. Mutz, W. Robertson, F. Valuer, "Bayesian Event Classification for Intrusion Detection", Proc. ACSAC 03, Dec. 2003.
25. W. Tylman, "Misuse-based intrusion detection using Bayesian Networks", in Proc. of the 3rd Int.l Conference on Dependability of Computer Systems DepCoS-Relcomex, 2008.