User intention-based traffic dependence analysis for anomaly detection

Proceedings - IEEE CS Security and Privacy Workshops, SPW 2012

Volumn , Issue , 2012, Pages 104-112

  Zhang, Hao ^a   Banick, William ^a   Yao, Danfeng ^a   Ramakrishnan, Naren ^a  

^a VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

Author keywords

Anomaly detection; Dependence; Network traffic; User behaviors

Indexed keywords

ANOMALOUS EVENTS; ANOMALY DETECTION; DEPENDENCE; DEPENDENCE ANALYSIS; EXPERIMENTAL EVALUATION; FALSE ALARMS; FRAMEWORK AND ALGORITHMS; MALICIOUS CODES; NETWORK TRAFFIC; SPY-WARE; STORAGE REQUIREMENTS; USER ACTION; USER ACTIVITY; USER BEHAVIORS;

ALGORITHMS;

BEHAVIORAL RESEARCH;

EID: 84864242247     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SPW.2012.15     Document Type: Conference Paper

References (32)

1. H. M. J. Almohri, D. D. Yao, and D. G. Kafura. Identifying native applications with high assurance. In ACM Conference on Data and Application Security and Privacy (CODASPY), pages 275-282. ACM, 2012.
2. X. An, D. N. Jutla, and N. Cercone. Privacy intrusion detection using dynamic bayesian networks. In International Conference on Electronic Commerce (ICEC), pages 208-215, 2006.
3. Top 10 Blocked URLs and Domains. http://us.trendmicro.com/us/trendwatch/ current-threat-activity/malicious-url-info/top10-blocked-urls-domains/.
4. K. Borders and A. Prakash. Web Tap: Detecting covert web traffic. In Proceedings of the 11th ACM Conference on Computer and Communication Security, pages 110-120, 2004.
5. K. Borders and A. Prakash. Quantifying information leaks in outbound web traffic. In Proceedings of the IEEE Symposium on Security and Privacy, May 2009.
6. Technical Details about Trojan.Brojack. https://www.symantec.com/en/uk/ security response/writeup.jsp?docid=2008-070310-5229-99.
7. E. Bursztein and J. Goubault-Larrecq. A logical framework for evaluating network resilience against faults and attacks. In Computer and Network Security, 12th Asian Computing Science Conference (ASIAN), pages 212-227, 2007.
8. V. Chandola, A. Banerjee, and V. Kumar. Anomaly detection: A survey. ACM Comput. Surv., 41:15:1-15:58, July 2009.
9. M. Christodorescu, S. Jha, and C. Kruegel. Mining specifications of malicious behavior. In G. Shroff, P. Jalote, and S. K. Rajamani, editors, ISEC, pages 5-14. ACM, 2008.
10. W. Cui, Y. H. Katz, and W. tian Tan. Binder: An extrusionbased breakin detector for personal computers. In In Proceedings: USENIX Annual Technical Conference, page 4, 2005.
11. D. E. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering, SE-13(2), February 1987.
12. R. Gummadi, H. Balakrishnan, P. Maniatis, and S. Ratnasamy. Not-a-Bot: Improving service availability in the face of botnet attacks. In Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NDSI), 2009.
13. Hypertext transfer protocol - http/1.1, 1999. http://tools.ietf.org/html/ rfc2616#section-15.1.3.
14. R. Hasan, R. Sion, and M. Winslett. Preventing history forgery with secure provenance. TOS, 5(4), 2009.
15. L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber. A network security monitor. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, pages 296-304, May 1990.
16. J. Jung, A. Sheth, B. Greenstein, D. Wetherall, G. Maganis, and T. Kohno. Privacy oracle: a system for finding application leaks with black box differential testing. In Proceedings of Computer and Communications Security (CCS), 2008.
17. L. Kagal, C. Hanson, and D. J. Weitzner. Using dependency tracking to provide explanations for policy management. In POLICY, pages 54-61, 2008.
18. D. Kumar, N. Ramakrishnan, R. F. Helm, and M. Potts. Algorithms for storytelling. IEEE Trans. Knowl. Data Eng., 20(6):736-751, 2008.
19. D. Patnaik, S. Laxman, and N. Ramakrishnan. Discovering excitatory relationships using dynamic bayesian networks. Knowledge and Information Systems, pages 1-31, 2010. 10.1007/s10115-010-0344-6.
20. An SSL proxying technique to sniff HTTPs packets. http://www. charlesproxy.com/documentation/proxying/ssl-proxying/.
21. F. B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security (TISSEC), 3(1):30-50, 2000.
22. S.-P. Shieh and V. D. Gligor. On a pattern-oriented model for intrusion detection. IEEE Transactions on Knowledge and Data Engineering, 9(4), July/August 1997.
23. S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, T. Grance, L. T. Heberlein, C.-L. Ho, K. N. Levitt, B. Mukherjee, D. L. Mansur, K. L. Pon, and S. E. Smaha. A system for distributed intrusion detection. COMPCOM Spring '91 Digest of Papers, pages 170-176, February/March 1991.
24. A. Srivastava and J. T. Giffin. Automatic discovery of parasitic malware. In Recent Advances in Intrusion Detection (RAID), pages 97-117, 2010.
25. D. Stefan, C. Wu, D. Yao, and G. Xu. Cryptographic provenance verification for the integrity of keystrokes and outbound network traffic. In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), June 2010.
26. H. S. Teng, K. Chen, and S. C.-Y. Lu. Adaptive real-time anomaly detection using inductively generated sequential patterns. Security and Privacy, IEEE Symposium on, 0:278, 1990.
27. TLogger - An Firefox Extension. http://dubroy.com/tlogger/.
28. A. Viswanathan, A. Hussain, J. Mirkovic, S. Schwab, and J. Wroclawski. A semantic framework for data analysis in networked systems. In Proceedings of the 8th USENIX conference on Networked systems design and implementation, NSDI'11, pages 10-10, Berkeley, CA, USA, 2011. USENIX Association.
29. K. Xu, H. Xiong, C. Wu, D. Stefan, and D. Yao. Data-provenance verification for secure hosts. IEEE Transactions on Dependable and Secure Computing, 9:173-183, 2012.
30. K. Xu, D. Yao, Q. Ma, and A. Crowell. Detecting infection onset with behavior-based policies. In Proceedings of the Fifth International Conference on Network and System Security (NSS), September 2011.
31. M. J. Zaki and N. Ramakrishnan. Reasoning about sets using redescription mining. In R. Grossman, R. J. Bayardo, and K. P. Bennett, editors, KDD, pages 364-373. ACM, 2005.
32. H. Zhang, W. Banick, D. Yao, and N. Ramakrishnan. User intentionbased traffic dependence analysis for anomaly detection. Technical report, Department of Computer Science, Virginia Tech, Blacksburg, Virginia, February 2012.