Distributed network intrusion detection has attracted much attention recently. The main focus of this work is on zero-day, slow-scanning worms, for which no signatures are available. End hosts are organized into regions based on network knowledge, which the work posits is positively correlated with the dependency structure among hosts. Leveraging this organization, different intrusion detection techniques are applied within and across regions. A Hidden Markov Model (HMM) is used within a region to capture the dependency among hosts, and Sequential Hypothesis Testing (SHT) is used globally to take advantage of the independence between regions.

