Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligence

Cluster Computing

Volumn 18, Issue 1, 2015, Pages 435-451

  Punithavathani, D Shalini ^a   Sujatha, K ^a   Jain, J Mark ^b  

^a GOVERNMENT COLLEGE OF ENGINEERING   (India)

^b ANNA UNIVERSITY   (India)

Author keywords

Computational intelligence log files; Digital evidence; Insider threat; Network forensics; Network traffic

Indexed keywords

COMPUTATION THEORY; INTELLIGENT COMPUTING; SECURITY OF DATA;

DIGITAL EVIDENCE; FORENSIC INVESTIGATION; IMPORTANT FEATURES; INFORMATION SECURITY PRACTICE; INSIDER THREAT; LOG FILE; MALICIOUS ACTIVITIES; NETWORK TRAFFIC;

DIGITAL FORENSICS;

EID: 84925534015     PISSN: 13867857     EISSN: 15737543     Source Type: Journal    
DOI: 10.1007/s10586-014-0403-y     Document Type: Article

References (63)

1. Santos Jr, E., Nguyen, H., Yu, F., Kim, K.J., Li, D., Wilkinson, J.T., Olson, A., Russell, J., Clark, B.: Intelligence analyses and the insider threat. IEEE Trans. Syst. Man Cybern. 42(2), 331–347 (2012)
2. Schonlau, M., DuMouchel, W., Ju, W.-H., Karr, A.F.: Computer intrusion: detecting masquerades. Stat. Sci. 16(1), 58–74 (2001)
3. Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Comput. Secur. 24(4), 295–307 (2005)
4. Li, Y., Xia, J., Zhang, S., Yan, J., Ai, X., Dai, K.: An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst. Appl. 39, 424–430 (2012)
5. Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Department of Computer Engineering, Chalmers University of Technology, Tech. Rep. 2000
6. Snort. http://www.snort.org
7. Tripwire. http://www.tripwire.com/
8. Venema, W.: Tcp wrapper: network monitoring, access control, and booby traps. In: Proceedings of the 3rd USENIX UNIX Security Symposium, 14–16, 85–92 September 1992
9. Chen, Y., Nyemba, S., Malin, B.: Detecting anomalous insiders in collaborative information systems. IEEE Trans. Dependable Secur. Comput. 9(3), 332–344 (2012)
10. Chen, Y. Malin, B.: Detection of anomalous insiders in collaborative environments via relational analysis of access logs. In: Proceedings of the First ACM Conference on Data and Application Security Security and Privacy, 63–74 Nov 2011
11. Zhu, Ying: Attack pattern discovery in forensic investigation of network attacks. IEEE J. Sel. Areas Commun. 29(7), 1349–1357 (2011)
12. Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31, 2435–2463 (1999)
13. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the Thirteenth Systems Administration Conference (LISA 1999), Seattle, 7–12 Nov 1999
14. Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: Proceedings of the SIGCOMM’05, Philadelphia, 21–26 Aug 2005
15. Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the 6th Symposium on Operating Systems Design and Implementation (OSDI’04). USENIX, San Fransisco, 2004
16. Liu, A., Martin, C., Hetherington, T., Matzner, S.: A comparison of system call feature representations for insider threat detection. In: Proceedings from the 6th Annual IEEE SMC IAW, 340–347 June 2005
17. Liu, A., Martin, C., Hetherington, T., Matzner, S.: AI lessons learned from experiments in insider threat detection. In: Proceedings of the AAAI Spring Symposium, 49–55 March 2006
18. Kirkpatrick, M., Bertino, E., Sheldon, F.: An architecture for contextual insider threat detection. cspurdueedu. 1–11 (2009)
19. Yang, Y. Tzi-cker, C.: Display-only file server: a solution against information theft due to insider attack. In: Proceedings of the ACM Workshop on Digital Rights, 31–39 2004
20. Suranjan, P., Vidyaraman, S., Shambhu, U.: Security policies to mitigate insider threat in the document control domain. In: Proceedings of the Computer Security Applications Conference, 304–313 2004
21. Maloof, M., Stephens, G. D.: ELICIT: a system for detecting insiders who violate need-to-know. In: Proceedings of the Recent Advances in Intrusion Detection, 146–166 Sept 2007
22. Natarajan, A., Hossain, L.: Towards a social network approach for monitoring insider threats to information security. In: Proceedings of the 2nd NSF/NIJ Symposium on Intelligence and Security Informatics, Tucson, 501–507 June 2004
23. Symonenko, S., Liddy, E. D., Yilmazel, O., Del Zoppo, R., Brown, E., Downey, M.: Semantic analysis for monitoring insider threats. In: Proceedings of the 2nd NSF/NIJ Symposium on Intelligence and Security Informatics, Tucson, 492–500 June 2004
24. Yilmazel, O., Symonenko, S., Balasubramanian, N., Liddy, E.D.: Terrorism informatics. Leveraging One-Class SVM and Semantic Analysis to Detect Anomalous Content. Springer, New York (2008)
25. Pfleeger, C.P.:Reflections on the insider threat. In: Insider Attack and Cyber Security: Beyond the Hacker, pp. 5–16. Springer, New York (2008)
26. Hunker, J., Probst, C.W.: Insiders and insider threats—an overview of definitions and mitigation techniques. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 2(1), 4–27 (2011)
27. Nguyen, H., Santos, E. Jr., Zhao, Q., Wang, H.: Capturing user intent for information retrieval. In: Proceedings of the 48th Annual Meeting HFES, New Orleans, 371–375 Sept 2004
28. Santos, E. Jr., Zhao, Q., Nguyen, H., Wang, H.: Impacts of user modeling on personalization of information retrieval: an evaluation with human intelligence analysts. In: Proceedings of the 4th Workshop on the Evaluation of Adaptive Systems, Conjunction With UM, 27–36 July 2005
29. Nguyen, H.: Capturing user intent for information. Dissertation, Ph.D., University of Connecticut (2005)
30. Probst, C., Hansen, R.R., Nielson, F.: Where can an insider attack? In: Proceedings of the Workshop Formal Aspects in Security and Trust, 127–142 March 2006
31. Schultz, E.: A framework for understanding and predicting insider attacks. Comput. Secur. 21(6), 526–531 (2002)
32. Stolfo, S., Bellovin, S., Hershkop, S., Keromytis, A., Sinclair, S., Smith, S.W.: Insider Attack and Cyber Security: Beyond the Hacker. Springer, New York (2008)
33. Tuglular, T., Spafford, E.: A framework for characterization of insider computer misuse. Unpublished paper, 1997
34. Georgiadis, C., Mavridis, I., Pangalos, G., Thomas, R.:Flexible team-based access control using contexts. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, 21–27 May 2001
35. Park, J., Sandhu, R., Ahn, G.: Role-based access control on the web. ACM Trans. Inf. Syst. Secur. 4(1), 37–71 (2001)
36. Thomas, R., Sandhu, S.: Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. In: Proceedings of the IFIP 11th International Conference on Database Securty, 166–181 Aug 1997
37. Peleg, M., Beimel, D., Dori, D., Denekamp, Y.: Situation-based access control: privacy management via modeling of patient data access scenarios. J. Biomed. Inform. 41(6), 1028–1040 (2008)
38. Casey, E.: Network traffic as a source of evidence: tool strengths, weaknesses, and future needs. Elsevier J. Digit. Investig. 1, 28–43 (2004)
39. Corey, V.: Network forensics analysis. IEEE Internet Comput. 6(6), 60–66 (2002)
40. Berghel, H.: The discipline of internet forensics. Commun. ACM 46(8), 15–20 (2003)
41. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)
42. Kang, D.-K., Fuller, D., Honavar, V.: Learning classifiers for misuse detection using a bag of system calls representation. In: Proceedings from the 6th Annual IEEE SMC IAW, 118–125 June 2005
43. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, 120–128 May 1996
44. Mutz, D., Robertson, W., Vigna, G., Kemmerer, R.: Exploiting execution context for the detection of anomalous system calls. In: Proceedings of the International Symposium on RAID, Gold Coast, 1–20 Sept 2007
45. Sharif, M. S., Singh, K., Giffin, J., Lee, W.: Understanding precision in host based intrusion detection. In: Proceedings of the International Symposium on RAID, 21–41 Sept 2007
46. Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network intrusion detection. IEEE Netw. 8(3), 26–41 (1994)
47. Ko, C.: Execution monitoring of security-critical programs in distributed systems: a specification-based approach. In: Proceedings of the IEEE Symposium on Security and Privacy, 175–187 April 1997
48. Liao, Y., Vemuri, V.R.: Use of k-nearest neighbor classifier for intrusion detection. J. Comput. Secur. 21(5), 439–448 (2002)
49. Pokrajac, D., Lazarevic, A., Latecki, L.: Incremental local outlier detection for data streams. In Proceedings of the IEEE Symposium on Computational Intelligence and Data Mining, 504–515 April 2007
50. Sun, J., Qu, H., Chakrabarti, D., Faloutsos, C.: Neighborhood formation and anomaly detection in bipartite graph. In Proceedings of the IEEE Fifth International Conference on Data Mining, 418–425 Nov 2005.
51. Tang, J., Chen, Z., Fu, A., Cheung, D.: Enhancing effectiveness of outlier detections for low density patterns. In: Proceedings of the Sixth Pacific-Asia Conference on Knowledge Discovery and Data Mining, 535–7548 May 2002
52. Netdetector. http://www.niksun.com/product.php?id=4
53. Networkminer. http://networkminer.wiki.sourceforge.net/NetworkMiner
54. Netintercept. http://sandstorm.net/products/netintercept
55. Wireshark. http://www.wireshark.org
56. Pouget, F. Dacier, M.:Honeypot-based forensics. In: Proceedings AusCERT2004, Brisbane, 23–27 May 2004
57. Pouget, F., Dacier, M., Zimmerman, J., Clark, A., Mohay, G.: Internet attack knowledge discovery via clusters and cliques of attack traces. J. Inf. Assur. Secur. 1, 21–32 (2006)
58. Thonnard, O., Dacier, M.: A framework for attack patterns’ discovery in honeynet data. Digit. Investig. 8, S128–S139 (2008)
59. Jin, H., de Vel, O., Zhang, K., Liu, N.: Knowledge discovery from honeypot data for monitoring malicious attacks. In: Proceedings 21st Australian Joint Conference on Artificial Intelligence: Advances in Artificial Intelligence, Auckland, 470–481 Dec 2008
60. Yegneswaran, V., Barford, P., Paxson, V.: Using honeypots for internet situational awareness. In Fourth ACM SIGCOMM Workshop on Hot Topics in Networking (Hotnets IV), College Park, Nov 2005
61. Estan, C. Savage, S. Varghese, G.: Automatically inferring patterns of resource consumption in network traffic. In: Proceeedings of the SIGCOMM’03, Karlsruhe, 25–29 Aug 2003
62. Karagiannis, T. Papagiannaki, K., Faloutsos, M.: Blinc: multilevel traffic classification in the dark. In: Proceedings of the SIGCOMM’05, Philadelphia, 21–26 Aug 2005
63. Kannan, J., Jung, J., Paxson, V., Koksal, C.: Semi-automated discovery of application session structure. In: Proceedings of the Sixth ACM SIGCOMM Conference on Internet Measurement (IMC’06), Rio de Janeiro, 119–132 Oct 2006