Hamming Masks: Toward defending constrained networked systems
Authors: Andrew D. Jurik, Shaun T. Hutton, J. Tarr
Venue: MILCOM 2012 - 2012 IEEE Military Communications Conference, pages 1-6
Published: 2012-10-01
DOI: 10.1109/MILCOM.2012.6415796 (https://doi.org/10.1109/MILCOM.2012.6415796)
Indexed by: Semantic Scholar
The ability of intrusion detection systems to successfully identify anomalous behavior has lagged behind their ability to recognize activity based on signatures. Anomaly detection techniques for enterprises typically use statistical traffic models to accommodate varying network traffic profiles and to limit the volume of false alerts. We offer a set of characteristics that identify constrained networked systems, in which we hypothesize that anomaly detection techniques are well suited and useful. We then offer a specific, concrete approach, Hamming Masks, for identifying expected behavior in a constrained networked system and recognizing unexpected behavior. We demonstrate the applicability of Hamming Masks on two different data sets and find that the distinctions between the enterprise data set and the constrained networked system data set are large.
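The abstract does not describe how a Hamming Mask is built, so the following is an added illustration written for this page, not code from Jurik, Hutton and Tarr. It takes one natural reading of the term: learn a mask of bit positions that never varied across observed fixed-format frames, then score a new frame by its Hamming distance from the learned reference restricted to those positions. The 8-byte telemetry frame layout, the device behavior, and the seeded pseudo-random "enterprise" messages are all constructed for the example. It shows the contrast the abstract reports: regular traffic from a constrained device yields a large invariant mask that flags a frame with an unseen message type, while high-variety traffic yields an almost empty mask, so the same technique has little to enforce there.

```python
# Added illustration, not code from the paper: a bit-level "Hamming mask" learned
# from fixed-format frames, used to flag frames that deviate at invariant positions.
# The frame format and sample traffic below are constructed for this example.
import random
from typing import Iterable, List, Tuple


def learn_mask(messages: Iterable[bytes]) -> Tuple[bytes, bytes]:
    """Return (mask, reference) for equal-length messages.

    mask has a 1 bit at every position where all training messages agreed;
    reference carries the agreed values (its bits outside the mask are ignored).
    """
    msgs = list(messages)
    if not msgs:
        raise ValueError("need at least one training message")
    n = len(msgs[0])
    if any(len(m) != n for m in msgs):
        raise ValueError("all training messages must have the same length")
    reference = msgs[0]
    varying = bytearray(n)  # OR of XOR differences: a 1 bit wherever any message differed
    for m in msgs[1:]:
        for i in range(n):
            varying[i] |= m[i] ^ reference[i]
    mask = bytes((~v) & 0xFF for v in varying)
    return mask, reference


def masked_distance(mask: bytes, reference: bytes, msg: bytes) -> int:
    """Hamming distance from the reference, counted only at masked (invariant) bits.

    A length change cannot be scored bit by bit, so it is treated as maximal.
    """
    if len(msg) != len(reference):
        return 8 * max(len(msg), len(reference))
    return sum(bin((m ^ r) & k).count("1") for m, r, k in zip(msg, reference, mask))


def mask_bits(mask: bytes) -> int:
    """Number of invariant bit positions the mask enforces."""
    return sum(bin(b).count("1") for b in mask)


def frame(counter: int, value: int, msg_type: int = 0x10) -> bytes:
    """Hypothetical 8-byte telemetry frame:
    sync 0xA5 0x5A, source id 0x01, type, 16-bit counter, 8-bit value, pad 0x00."""
    return bytes([0xA5, 0x5A, 0x01, msg_type, counter >> 8, counter & 0xFF, value, 0x00])


def constrained_training() -> List[bytes]:
    """Constructed sample: eight frames from a device that only ever sends type 0x10."""
    return [frame(c, 0x40 + c) for c in range(8)]


def enterprise_training() -> List[bytes]:
    """Constructed stand-in for varied traffic: 64 seeded pseudo-random 8-byte messages."""
    rng = random.Random(2012)
    return [bytes(rng.randrange(256) for _ in range(8)) for _ in range(64)]


def is_anomalous(mask: bytes, reference: bytes, msg: bytes) -> bool:
    """Any disagreement at an invariant position is flagged; no statistical threshold."""
    return masked_distance(mask, reference, msg) > 0


if __name__ == "__main__":
    c_mask, c_ref = learn_mask(constrained_training())
    e_mask, _ = learn_mask(enterprise_training())
    print("constrained invariant bits:", mask_bits(c_mask), "/ 64")
    print("enterprise invariant bits: ", mask_bits(e_mask), "/ 64")
    print("benign frame flagged:      ", is_anomalous(c_mask, c_ref, frame(3, 0x45)))
    print("unseen type flagged:       ", is_anomalous(c_mask, c_ref, frame(3, 0x45, msg_type=0x20)))
    print("counter past training:     ", is_anomalous(c_mask, c_ref, frame(8, 0x42)))
```

The last line of the demo is the caveat a practitioner should expect from any invariant-bit model: a counter value of 8 sets a bit the eight training frames never exercised, so it is flagged even though the device is behaving normally. Training coverage of legitimate value ranges, not just of message types, decides the false-alert rate of a mask like this.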