Skip to main content
SpringerLink
Log in

Locality-Based Server Profiling for Intrusion Detection

  • Conference paper
Book cover Intelligence and Security Informatics (ISI 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5075))

Included in the following conference series:

  • 2261 Accesses

Abstract

Detection of intrusion on network servers plays an ever more important role in network security. This paper investigates whether analysis of incoming connection behavior for properties of locality can be used to create a normal profile for network servers. Intrusions can then be detected due to their abnormal behavior. Experiments show that connections to a typical network server do in fact exhibit locality, and attacks can be detected through their violation of locality.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Zhou, M., Lee, R., Lang, S.-D.: Locality-Based Profile Analysis for Secondary Intrusion Detection. In: Proc. 8th International Symposium on Parallel Architectures, Algorithms and Networks, pp. 166–173. IEEE Computer Society Press, Washington (2005)

    Chapter  Google Scholar 

  2. McHugh, J., Gates, C.: Locality: a New Paradigm for Thinking About Normal Behavior and Outsider Threat. In: ACM New Security Paradigms Workshop. ACM Press, New York (2004)

    Google Scholar 

  3. Berk, V., Bakos, G.: Designing a Framework for Active Worm Detection on Global Networks. In: Proc. 1st IEEE International Workshop on Information Assurance. IEEE Computer Society Press, Washington (2003)

    Google Scholar 

  4. Hofmeyr, S.: An Immunological Model of Distributed Detection and Its Application to Computer Science Security. Ph.D. dissertation, Dept. of Computer Science, Univ. of New Mexico (1999)

    Google Scholar 

  5. Williamson, M.: Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code. In: 18th Annual Computer Security Applications Conference. IEEE Computer Society Press, Washington (2002)

    Google Scholar 

  6. Cui, W., Katz, R.H., Tan, W.: BINDER: An extrusion-based break-in detector for personal computers. Technical report, Hewlett-Packard Laboratories, Palo Alto, CA (2004)

    Google Scholar 

  7. Sekar, V., Xie, Y., Reiter, M.K., Zhang, H.: A multi-resolution approach for worm detection and containment. In: Proc. International Conference on Dependable Systems and Networks, pp. 189–198. IEEE Computer Society Press, Washington (2006)

    Chapter  Google Scholar 

  8. Sekar, V., Xie, Y., Reiter, M.K., Zhang, H.: Is host-based anomaly detection + temporal correlation = worm causality? Technical report, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA (2007)

    Google Scholar 

  9. Wireshark Network Protocol Analyzer, http://www.wireshark.org/

  10. Nmap Network Security Scanner, http://nmap.org/

Download references

Author information

Authors and Affiliations

  1. School of Electrical Engineering and Computer Science, University of Central Florida, 4000 Central Florida Blvd., Orlando, FL, 32816, U.S.A.

    Robert Lee & Sheau-Dong Lang

Authors
  1. Robert Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sheau-Dong Lang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Chinese University of Hong Kong, Hong Kong

    Christopher C. Yang

  2. The University of Arizona, USA

    Hsinchun Chen

  3. The University of Hong Kong, Hong Kong

    Michael Chau

  4. Nanyang Technological University, Singapore

    Kuiyu Chang

  5. University of Central Florida, USA

    Sheau-Dong Lang

  6. Tatung University, Taiwan

    Patrick S. Chen

  7. California University of Pennsylvania, USA

    Raymond Hsieh

  8. University of Arizona and Chinese Academy of Sciences, USA

    Daniel Zeng

  9. Chinese Academy of Sciences, China

    Fei-Yue Wang  & Wenji Mao  & 

  10. Carnegie Mellon University, USA

    Kathleen Carley  & Justin Zhan  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lee, R., Lang, SD. (2008). Locality-Based Server Profiling for Intrusion Detection. In: Yang, C.C., et al. Intelligence and Security Informatics. ISI 2008. Lecture Notes in Computer Science, vol 5075. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69304-8_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-69304-8_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69136-5

  • Online ISBN: 978-3-540-69304-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation