User Intention-Based Traffic Dependence Analysis for Anomaly Detection
dc.contributor.author | Zhang, Hao | en |
dc.contributor.author | Banick, William | en |
dc.contributor.author | Yao, Danfeng (Daphne) | en |
dc.contributor.author | Ramakrishnan, Naren | en |
dc.contributor.department | Computer Science | en |
dc.date.accessioned | 2013-06-19T14:36:05Z | en |
dc.date.available | 2013-06-19T14:36:05Z | en |
dc.date.issued | 2012 | en |
dc.description.abstract | This paper describes an approach for enforcing dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering these relations is useful in identifying anomalous events on a host that are caused by software flaws or malicious code. To demonstrate the feasibility of user intention-based traffic dependence analysis, we implement a prototype called CR-Miner and perform extensive experimental evaluation of the accuracy, security, and efficiency of our algorithm. The results show that our algorithm can identify user intention-based traffic dependence with high accuracy (average 99.6% for 20 users) and low false alarms. Our prototype can successfully detect several pieces of HTTP-based real-world spyware. Our dependence analysis is fast with a minimal storage requirement. We give a thorough analysis on the security and robustness of the user intention-based traffic dependence approach. | en |
dc.format.mimetype | application/pdf | en |
dc.identifier | http://eprints.cs.vt.edu/archive/00001193/ | en |
dc.identifier.sourceurl | http://eprints.cs.vt.edu/archive/00001193/01/CRminer-techreport.pdf | en |
dc.identifier.trnumber | TR-12-07 | en |
dc.identifier.uri | http://hdl.handle.net/10919/19481 | en |
dc.language.iso | en | en |
dc.publisher | Department of Computer Science, Virginia Polytechnic Institute & State University | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | Parallel computation | en |
dc.title | User Intention-Based Traffic Dependence Analysis for Anomaly Detection | en |
dc.type | Technical report | en |
dc.type.dcmitype | Text | en |