
On the limits of payload-oblivious network attack detection

Publication type: Conference
Collins, MP; Reiter, MK
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
November 27, 2008

We introduce a methodology for evaluating network intrusion detection systems using an observable attack space, which is a parameterized representation of a type of attack that can be observed in a particular type of log data. Using the observable attack space for log data that does not include payload (e.g., NetFlow data), we evaluate the effectiveness of five proposed detectors for bot harvesting and scanning attacks, in terms of their ability (even when used in conjunction) to deter the attacker from reaching his goals. We demonstrate the ranges of attack parameter values that would avoid detection, or rather that would require an inordinately high number of false alarms in order to detect them consistently. © 2008 Springer-Verlag Berlin Heidelberg.

Duke Scholars

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

10.1007/978-3-540-87403-4_14

EISSN

1611-3349

ISSN

0302-9743

Publication Date

November 27, 2008

Volume

5230 LNCS

Start / End Page

251 / 270

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences

Citation

APA

Collins, M. P., & Reiter, M. K. (2008). On the limits of payload-oblivious network attack detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5230 LNCS, pp. 251–270). https://doi.org/10.1007/978-3-540-87403-4_14

Chicago

Collins, M. P., and M. K. Reiter. “On the limits of payload-oblivious network attack detection.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 5230 LNCS:251–70, 2008. https://doi.org/10.1007/978-3-540-87403-4_14.

ICMJE

Collins MP, Reiter MK. On the limits of payload-oblivious network attack detection. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2008. p. 251–70.

MLA

Collins, M. P., and M. K. Reiter. “On the limits of payload-oblivious network attack detection.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5230 LNCS, 2008, pp. 251–70. Scopus, doi:10.1007/978-3-540-87403-4_14.

NLM

Collins MP, Reiter MK. On the limits of payload-oblivious network attack detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2008. p. 251–270.
