Bottleneck Verification to Find Novel New Attacks with a Low False-Alarm Rate, First
Abstract
A new low-complexity approach to intrusion detection called "bottleneck verification" was developed which can find novel attacks with low false alarm rates. Bottleneck verification is a general approach to intrusion detection designed specifically for systems where there are only a few legal "bottleneck" methods to transition to a higher privilege level and where it is relatively easy to determine when a user is at a higher level. The key concept is to detect 1) when legal bottleneck methods are used and 2) when a user is at a high privilege level. This approach detects an attack whenever a user performs operations at a high privilege level without using legal bottleneck methods to transition to that level. It can theoretically detect any novel attack which illegally transitions a user to a high privilege level without prior knowledge of the attack
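The detection rule from the abstract, as an added example that is not code from the paper or its authors: per-session state records legal bottleneck use, and any evidence of high privilege without it raises an alert. The event kinds (`su_success`, `root_login`, `exit_root`, `root_prompt`, `uid0_exec`) and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed event kinds (hypothetical; the abstract names no concrete events).
LEGAL_BOTTLENECKS = {"su_success", "root_login"}    # legal ways to go up
HIGH_PRIV_EVIDENCE = {"root_prompt", "uid0_exec"}   # signs of being at high privilege
PRIV_DROP = {"exit_root"}                           # leaving a legally obtained root shell


@dataclass(frozen=True)
class Event:
    seq: int        # ordering key within the audit stream
    session: str    # session identifier
    kind: str       # one of the event kinds above, or anything else
    detail: str = ""


def bottleneck_verify(events):
    """Return events that show high privilege with no legal transition in effect."""
    depth = {}      # session -> number of legal elevations currently active
    alerts = []
    for ev in sorted(events, key=lambda e: e.seq):
        active = depth.get(ev.session, 0)
        if ev.kind in LEGAL_BOTTLENECKS:
            depth[ev.session] = active + 1
        elif ev.kind in PRIV_DROP:
            depth[ev.session] = max(0, active - 1)
        elif ev.kind in HIGH_PRIV_EVIDENCE and active == 0:
            # High privilege observed, but no bottleneck was used: flag it.
            alerts.append(ev)
    return alerts


# Constructed sample audit stream (not real log data).
SAMPLE = [
    Event(1, "s1", "login", "alice"),
    Event(2, "s1", "su_success", "alice->root"),
    Event(3, "s1", "uid0_exec", "/usr/sbin/useradd"),   # legal: su came first
    Event(4, "s1", "exit_root"),
    Event(5, "s2", "login", "bob"),
    Event(6, "s2", "exec", "./a.out"),
    Event(7, "s2", "root_prompt", "#"),                 # no bottleneck in s2
    Event(8, "s1", "uid0_exec", "/bin/cat"),            # after the legal shell ended
]

if __name__ == "__main__":
    for ev in bottleneck_verify(SAMPLE):
        print(f"ALERT seq={ev.seq} session={ev.session} {ev.kind} {ev.detail}")
```

The state is kept per session, so a legal `su` in one session does not excuse root activity in another, and the rule needs no signature of how the privilege was obtained.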
Similar resources
Detecting and displaying novel computer attacks with Macroscope
Opinions, interpretations, conclusions, and recommendations are those of the authors and are not necessarily endorsed by the United States Air Force. Abstract-Macroscope is a network-based intrusion detection system that uses Bottleneck Verification to detect user-to-superuser attacks. Bottleneck Verification (BV) detects novel computer attacks by looking for users performing high privilege ope...
Intrusion Detection based on a Novel Hybrid Learning Approach
Information security and Intrusion Detection System (IDS) plays a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...
FDMG: Fault detection method by using genetic algorithm in clustered wireless sensor networks
Wireless sensor networks (WSNs) consist of a large number of sensor nodes which are capable of sensing different environmental phenomena and sending the collected data to the base station or Sink. Since sensor nodes are made of cheap components and are deployed in remote and uncontrolled environments, they are prone to failure; thus, maintaining a network with its proper functions even when und...
Results of the DARPA 1998 Offline Intrusion Detection Evaluation
DARPA sponsored the first realistic and systematic evaluation of research intrusion detection systems in 1998. As part of this evaluation, MIT Lincoln Laboratory developed a test network which simulated a medium-size government site. Background traffic was generated over two months using custom traffic generators which looked like 100’s of users on 1000’s of hosts performing a wide variety of t...
Skilled Impostor Attacks Against Fingerprint Verification Systems And Its Remedy
Fingerprint verification systems are becoming ubiquitous in everyday life. This trend is propelled especially by the proliferation of mobile devices with fingerprint sensors such as smartphones and tablet computers, and fingerprint verification is increasingly applied for authenticating financial transactions. In this study we describe a novel attack vector against fingerprint verification syst...
Publication date: 2011