Detecting stealthy attacks: Efficient monitoring of suspicious activities on computer networks

Harsha Kalutarage, Siraj A. Shaikh, I.P. Wickramasinghe, Qin Zhou, Anne James

    Research output: Contribution to journal › Article › peer-review

    10 Citations (Scopus)
    78 Downloads (Pure)

    Abstract

    Stealthy attackers move patiently through computer networks, taking days, weeks or months to accomplish their objectives in order to avoid detection. As networks scale up in size and speed, monitoring for such attack attempts is increasingly a challenge. This paper presents an efficient monitoring technique for stealthy attacks. It investigates the feasibility of the proposed method under a number of different test cases and examines how the design of the network affects detection. A methodological way of tracing anonymous stealthy activities to their approximate sources is also presented. Bayesian fusion combined with traffic sampling is employed as a data reduction method. The proposed method is able to monitor stealthy activities at sampling rates of 10–20% without degrading the quality of detection.
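    To make the data-reduction idea in the abstract concrete, here is an added example; it is not the authors' code, and the model and parameters are not theirs. It constructs ten hosts, one of which emits suspicious-looking events only slightly more often than the benign noise floor, applies Bernoulli traffic sampling at a chosen rate, and fuses the sampled evidence per source into a posterior probability of hostility using a naive-Bayes log-likelihood-ratio update. The host addresses, the event rates, the prior and the fusion rule are all assumptions made for the illustration.

```python
"""
Toy illustration of Bayesian evidence fusion over sampled traffic.

Added example, not the paper's code. The model (per-source naive-Bayes
log-likelihood-ratio accumulation over Bernoulli-sampled events) and every
rate below are assumptions chosen to make the mechanism visible.
"""
import math
import random

# Constructed scenario (assumption): one stealthy source among benign ones.
P_SUSP_BENIGN = 0.02      # fraction of a benign host's events that look suspicious (noise)
P_SUSP_ATTACK = 0.10      # stealthy attacker: only slightly above the noise floor
EVENTS_PER_HOST = 10_000  # a long observation window, as stealthy campaigns require
HOSTS = ["10.0.0.%d" % i for i in range(1, 11)]
ATTACKER = "10.0.0.7"     # constructed ground truth, used only to build the stream
PRIOR_ATTACK = 0.01       # prior probability that any given host is hostile


def generate_events(seed=1):
    """Return a constructed list of (src, is_suspicious), interleaved across hosts."""
    rng = random.Random(seed)
    events = []
    for _ in range(EVENTS_PER_HOST):
        for src in HOSTS:
            p = P_SUSP_ATTACK if src == ATTACKER else P_SUSP_BENIGN
            events.append((src, rng.random() < p))
    return events


def sample(events, rate, seed=2):
    """Bernoulli traffic sampling: keep each event independently with probability `rate`."""
    rng = random.Random(seed)
    return [e for e in events if rng.random() < rate]


def _sigmoid(logodds):
    """Numerically stable log-odds -> probability (large negative values must not overflow)."""
    if logodds >= 0:
        return 1.0 / (1.0 + math.exp(-logodds))
    z = math.exp(logodds)
    return z / (1.0 + z)


def fuse(events, prior=PRIOR_ATTACK):
    """Per-source Bayesian fusion of the (sampled) evidence.

    Each observation shifts the log-odds that its source is hostile by its
    log-likelihood ratio. One suspicious event barely moves the estimate, but
    the contributions accumulate over the window, which is what makes a slow
    attacker separable from benign noise. Returns {src: posterior P(hostile)}.
    """
    llr_susp = math.log(P_SUSP_ATTACK / P_SUSP_BENIGN)              # about +1.61
    llr_clean = math.log((1 - P_SUSP_ATTACK) / (1 - P_SUSP_BENIGN))  # about -0.085
    prior_logodds = math.log(prior / (1 - prior))
    logodds = {src: prior_logodds for src in HOSTS}
    for src, suspicious in events:
        logodds[src] += llr_susp if suspicious else llr_clean
    return {src: _sigmoid(lo) for src, lo in logodds.items()}


def detect(rate, threshold=0.5):
    """Sample the constructed stream at `rate`, fuse, and return (flagged_sources, posteriors)."""
    posteriors = fuse(sample(generate_events(), rate))
    flagged = sorted(src for src, p in posteriors.items() if p > threshold)
    return flagged, posteriors


if __name__ == "__main__":
    for rate in (1.0, 0.20, 0.10, 0.01):
        flagged, post = detect(rate)
        print("sampling %3.0f%%: flagged=%s  P(hostile|%s)=%.4f"
              % (rate * 100, flagged, ATTACKER, post[ATTACKER]))
```

    Running `detect(0.10)` and `detect(0.20)` flags the same single source as `detect(1.0)`, which is the behaviour the abstract claims for 10–20% sampling. Pushing the rate down to 1% leaves only about a hundred sampled events for the stealthy host, and whether it crosses the threshold then depends on which events the sampler happened to keep; at that point the reduction starts to degrade detection, so the sampling rate has to be chosen against the expected event volume per source over the monitoring window. The naive-Bayes update also treats events as independent, so bursts of correlated noise from one benign host (a misconfigured scanner, a backup job) will be over-counted unless they are de-duplicated before fusion.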
    Original language: English
    Pages (from-to): 327–344
    Journal: Computers & Electrical Engineering
    Volume: 47
    Early online date: 18 Jul 2015
    DOIs: 10.1016/j.compeleceng.2015.07.007
    Publication status: Published - Oct 2015

    Bibliographical note

    NOTICE: this is the author’s version of a work that was accepted for publication in Computers & Electrical Engineering. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers & Electrical Engineering, [VOL 47, (2015)] DOI: 10.1016/j.compeleceng.2015.07.007.
    © 2015, Elsevier. Licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/

    Keywords

    • Stealthy attacks
    • Bayesian fusion
    • Network simulation
    • Traffic sampling
    • Anomaly detection
