| Field | Value |
|---|---|
| Publisher | Rutgers, State University of New Jersey |
| Format | 381.6KB PDF |
| Date added | 29 Nov 2006 |
| Topics | Security Tools |
| Downloads | 1 |

This paper presents an adaptive end-host anomaly detector in which a supervised classifier, trained as a traffic predictor, controls a time-varying detection threshold. Trained and tested on real traffic traces collected from a number of end-hosts, the detector is shown to dominate an existing fixed-threshold detector. This comparison is robust to the choice of off-the-shelf classifier employed and to a variety of performance criteria: the predictor's error rate, the reduction in the "threshold gap", and the ability to detect the simulated threat of incremental worm traffic added to the traces. The detector is intended as part of a distributed worm detection system that infers system-wide threats from end-host detections, thereby avoiding the sensing and resource limitations of conventional centralized systems.



