Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close

机译：跨域协作异常检测：到目前为止还很近

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Web applications have emerged as the primary means of access to vital and sensitive services such as online payment systems and databases storing personally identifiable information. Unfortunately, the need for ubiquitous and often anonymous access exposes web servers to adversaries. Indeed, network-borne zero-day attacks pose a critical and widespread threat to web servers that cannot be mitigated by the use of signature-based intrusion detection systems. To detect previously unseen attacks, we correlate web requests containing user submitted content across multiple web servers that is deemed abnormal by local Content Anomaly Detection (CAD) sensors. The cross-site information exchange happens in real-time leveraging privacy preserving data structures. We filter out high entropy and rarely seen legitimate requests reducing the amount of data and time an operator has to spend sifting through alerts. Our results come from a fully working prototype using eleven weeks of real-world data from production web servers. During that period, we identify at least three application-specific attacks not belonging to an existing class of web attacks as well as a wide-range of traditional classes of attacks including SQL injection, directory traversal, and code inclusion without using human specified knowledge or input.

机译：Web应用程序已成为访问重要和敏感服务的主要手段，例如在线支付系统和存储个人身份信息的数据库。不幸的是，对无处不在且通常是匿名访问的需求使Web服务器容易受到攻击。实际上，网络传播的零日攻击对Web服务器构成了严重且广泛的威胁，而使用基于签名的入侵检测系统无法缓解这种威胁。为了检测以前看不见的攻击，我们将包含多个站点服务器上用户提交的内容的Web请求相关联，这些请求被本地内容异常检测（CAD）传感器视为异常。跨站点信息交换是利用隐私保护数据结构实时进行的。我们过滤掉高熵，很少见到合法请求，从而减少了操作员在警报中进行筛选所需的数据量和时间。我们的结果来自一个完全正常工作的原型，该原型使用了来自生产Web服务器的11周的真实数据。在此期间，我们识别出至少三种不属于现有Web攻击类别的特定于应用程序的攻击，以及不使用人工指定知识或不包含人类特定知识的各种传统攻击类别，包括SQL注入，目录遍历和代码包含输入。

著录项

来源
《Recent advances in intrusion detection》|2011年|p.142-160|共19页
会议地点 Menlo Park CA(US);Menlo Park CA(US)
作者
Nathaniel Boggs; Sharath Hiremagalore; Angelos Stavrou; Salvatore J. Stolfo;
展开▼
作者单位

Department of Computer Science, Columbia University;

Department of Computer Science, George Mason University;

Department of Computer Science, George Mason University;

Department of Computer Science, Columbia University;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
intrusion detection; web security; anomaly detection; at-tacks; defenses; collaborative security;

机译：入侵检测;网络安全；异常检测；大头针防御协同安全;

相似文献

外文文献
中文文献
专利

1. Anomaly-based intrusion detection of jamming attacks, local versus collaborative detection [J] . Fragkiadakis Alexandros G., Siris Vasilios A., Petroulakis Nikolaos E., Wireless communications & mobile computing . 2015,第2期

机译：干扰攻击的基于异常的入侵检测，本地与协作检测
2. Self-weighted collaborative representation for hyperspectral anomaly detection [J] . Rong Wang, Haojie Hu, Fang He, Signal processing . 2020,第Deca期

机译：高光谱异常检测的自加权协作表示
3. Low rank and collaborative representation for hyperspectral anomaly detection via robust dictionary construction [J] . Su Hongjun, Wu Zhaoyue, Zhu A-Xing, ISPRS Journal of Photogrammetry and Remote Sensing . 2020,第Nova期

机译：通过稳健字典建设进行高光谱异常检测的低等级和协作表示
4. Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close [C] . Nathaniel Boggs, Sharath Hiremagalore, Angelos Stavrou, International symposium on recent advances in intrusion detection . 2011

机译：跨域协作异常检测：到目前为止如此接近
5. Privacy-preserving collaborative anomaly detection [D] . Ringberg, Haakon Andreas 2009

机译：隐私保护协作异常检测
6. A Cross-Domain Collaborative Filtering Algorithm Based on Feature Construction and Locally Weighted Linear Regression [O] . Xu Yu, Jun-yu Lin, Feng Jiang, 2018

机译：基于特征构造和局部加权线性回归的跨域协同过滤算法
7. Cross-domain Collaborative Anomaly Detection: So Far Yet So Close ⋆ [O] . Nathaniel Boggs, Sharath Hiremagalore, Angelos Stavrou, 2012

机译：跨域协作异常检测：迄今为止如此接近⋆

Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close

摘要

著录项

相似文献

相关主题

期刊订阅