Transaction-based Anomaly Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring, USENIX (The Advanced Computing Systems Association)

The increasing complexity of both telecommunication and data communication networks creates new demands on network security. In particular, the task of detecting, repelling and preventing abuse by insiders and outsiders is becoming more and more difficult. This paper deals with a new technique that appears suitable for addressing these issues: anomaly detection based on the specification of transactions. The traditional transaction and serialization concepts are discussed, and a new model of anomaly detection, based on the concept of transactions, is introduced. Applying this model to known attacks gives a first insight into the feasibility of our approach.
