Using Behavioral Modeling and Customized Normalcy Profiles as Protection against Targeted Cyber-Attacks
Targeted cyber-attacks present significant threat to modern computing systems. Modern industrial control systems (SCADA) or military networks are example of high value targets with potentially severe implications in case of successful attack. Anomaly detection can provide solution to targeted attacks as attack is likely to introduce some distortion to observable system activity. Most of the anomaly detection has been done on the level of sequences of system calls and is known to have problems with high false alarm rates. In this paper, we show that better results can be obtained by performing behavioral analysis on higher semantic level. We observe that many critical computer systems serve a specific purpose and are expected to run strictly limited sets of software. We model this behavior by creating customized normalcy profile of this system and evaluate how well does anomaly based detection work in this scenario.
KeywordsBehavior Based IDS Automatic Signature Generation
Unable to display preview. Download preview PDF.
- 1.Percoco, N., Ilyas, J.: Malware Freakshow 2010: White paper for Black Hat USA (2010) Google Scholar
- 2.Falliere, N., Murchu, L., Chien, E.: W32.Stuxnet Dossier: Symantec security response version 1.4 (2011) Google Scholar
- 5.Peshkin, L.: Structure induction by lossless graph compression. In: Data Compression Conference, DCC, pp. 53–62 (2007)Google Scholar
- 6.Hayashida, M., Akutsu, T.: Comparing Biological Networks via Graph Compression. In: Symposium on Optimization and Systems Biology (2009) Google Scholar
- 7.Choi, Y., Szpankowski, W.: Compression of Graphical Structures: Fundamental Limits, Algorithms, and Experiments. IEEE Transactions on Information Theory (2012) Google Scholar
- 9.Offensive Computing, http://offensivecomputing.net/ (accessed, November 2011)
- 10.Dolgikh, A., Nykodym, T., Skormin, V., Antonakos, J.: Colored Petri nets as the enabling technology in intrusion detection systems. In: Military Communications Conference, MILCOM 2011, pp. 1297–1301 (2011)Google Scholar
- 11.Chen, C., Lin, C.X., Fredrikson, M., Christodorescu, M., Yan, X.: Mining graph patterns efficiently via randomized summaries. In: Proceedings VLDB Endow, vol. 2(1), pp. 742–753 (2009)Google Scholar