HMMs for Optimal Detection of Cybernet Attacks

The rapid detection of attackers within the firewalls of computer networks is of paramount importance. Anomaly detectors address this problem by quantifying deviations from baseline statistical models of normal network behavior. However, anomaly detectors produce many false positives, severely limiting their practical utility. To circumvent this problem, we need to evaluate both the likelihood of the observed network behavior given that no attacker is present (as in anomaly detectors) and the likelihood given that an attacker is present. Any realistic stochastic model for the behavior of a compromised network must work in continuous time, with many
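The following is an added example, not code from the paper: it illustrates the abstract's central point with a discrete-time toy rather than the paper's continuous-time model. A pure anomaly detector thresholds the surprise of an event sequence under the normal model alone, -log P(obs | H0). The two-hypothesis approach also fits a "compromised" model H1 (here: the same background regimes plus attacker regimes, so that benign traffic is slightly less likely under H1) and scores the log-likelihood ratio log P(obs | H1) - log P(obs | H0). All state names, transition and emission probabilities, the three-symbol event alphabet, and the three 20-slot event sequences are constructed for this example; the forward algorithm is the standard one.

```python
import math
from typing import Dict, List, Sequence, Tuple

# Observation alphabet, one symbol per time slot (constructed for this example).
ROUTINE, AUTH_FAIL, NEW_EDGE = 0, 1, 2  # routine auth / failed auth / first-seen host pair


def logsumexp(xs: Sequence[float]) -> float:
    """Numerically stable log(sum(exp(x))) over a list of log-probabilities."""
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


class HMM:
    """Discrete-observation hidden Markov model; all parameters stored as logs."""

    def __init__(self, init: Dict[str, float], trans: Dict[str, Dict[str, float]],
                 emit: Dict[str, List[float]]) -> None:
        self.states = list(init)
        self.log_init = {s: math.log(init[s]) for s in self.states}
        self.log_trans = {s: {t: math.log(trans[s][t]) for t in self.states} for s in self.states}
        self.log_emit = {s: [math.log(p) for p in emit[s]] for s in self.states}

    def log_likelihood(self, obs: Sequence[int]) -> float:
        """Forward algorithm: log P(obs | model), marginalising over all hidden paths."""
        alpha = {s: self.log_init[s] + self.log_emit[s][obs[0]] for s in self.states}
        for o in obs[1:]:
            alpha = {t: logsumexp([alpha[s] + self.log_trans[s][t] for s in self.states])
                     + self.log_emit[t][o] for t in self.states}
        return logsumexp(list(alpha.values()))

    def likelihood(self, obs: Sequence[int]) -> float:
        return math.exp(self.log_likelihood(obs))


# H0: background behaviour only. Two regimes, both emitting mostly routine events.
NORMAL = HMM(
    init={"quiet": 0.8, "busy": 0.2},
    trans={"quiet": {"quiet": 0.9, "busy": 0.1},
           "busy": {"quiet": 0.3, "busy": 0.7}},
    emit={"quiet": [0.90, 0.08, 0.02],
          "busy": [0.80, 0.15, 0.05]},
)

# H1: the same background regimes plus "recon" (many auth failures) and "lateral"
# (many first-seen host pairs). Background transitions are diluted to make room for
# the attacker regimes, so benign traffic scores a little lower under H1 than H0.
COMPROMISED = HMM(
    init={"quiet": 0.55, "busy": 0.15, "recon": 0.20, "lateral": 0.10},
    trans={"quiet":   {"quiet": 0.80, "busy": 0.10, "recon": 0.07, "lateral": 0.03},
           "busy":    {"quiet": 0.27, "busy": 0.63, "recon": 0.07, "lateral": 0.03},
           "recon":   {"quiet": 0.10, "busy": 0.05, "recon": 0.55, "lateral": 0.30},
           "lateral": {"quiet": 0.05, "busy": 0.05, "recon": 0.20, "lateral": 0.70}},
    emit={"quiet":   [0.90, 0.08, 0.02],
          "busy":    [0.80, 0.15, 0.05],
          "recon":   [0.35, 0.55, 0.10],
          "lateral": [0.30, 0.15, 0.55]},
)


def anomaly_score(obs: Sequence[int]) -> float:
    """Anomaly-detector view: mean per-slot surprise under the normal model only."""
    return -NORMAL.log_likelihood(obs) / len(obs)


def log_likelihood_ratio(obs: Sequence[int]) -> float:
    """Two-hypothesis view: log P(obs | attacker present) - log P(obs | no attacker)."""
    return COMPROMISED.log_likelihood(obs) - NORMAL.log_likelihood(obs)


def score_all(sequences: Dict[str, List[int]]) -> Dict[str, Tuple[float, float]]:
    return {name: (anomaly_score(o), log_likelihood_ratio(o)) for name, o in sequences.items()}


# Constructed 20-slot event sequences.
SAMPLES = {
    # ordinary day: two isolated failed logins
    "benign_quiet": [0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0],
    # burst of failed logins (e.g. after a password rotation): unusual, but no attacker
    "benign_burst": [0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1],
    # credential guessing followed by connections to never-before-seen hosts
    "attack":       [0, 1, 1, 0, 1, 2, 0, 2, 2, 1, 2, 0, 2, 2, 2, 1, 2, 0, 2, 2],
}

if __name__ == "__main__":
    for name, (anom, llr) in score_all(SAMPLES).items():
        print(f"{name:13s} anomaly={anom:5.2f}  log-LR={llr:6.2f}")
```

With these parameters the anomaly score orders the sequences quiet < burst < attack, so any threshold that separates the burst from the quiet baseline also fires on the benign burst. The log-likelihood ratio is negative for both benign sequences and positive for the attack, because H1 can only explain the burst by paying for transitions into the recon regime, whereas the run of first-seen host pairs is cheap under the lateral regime and very expensive under H0.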
