DocumentCode
3391481
Title
Experimental results of cross-site exchange of web content Anomaly Detector alerts
Author
Boggs, Nathaniel ; Hiremagalore, Sharath ; Stavrou, Angelos ; Stolfo, Salvatore J.
Author_Institution
Dept. of Comput. Sci., Columbia Univ., New York, NY, USA
fYear
2010
fDate
8-10 Nov. 2010
Firstpage
8
Lastpage
14
Abstract
We present our initial experimental findings from the collaborative deployment of network Anomaly Detection (AD) sensors. Our system examines the ingress HTTP traffic and correlates AD alerts from two administratively disjoint domains: Columbia University and George Mason University. We show that, by exchanging packet content alerts between the two sites, we can achieve zero-day attack detection capabilities with a relatively small number of false positives. Furthermore, we empirically demonstrate that the vast majority of common abnormal data represent attack vectors rather than false positives. We posit that cross-site collaboration enables the automated detection of common abnormal data which are likely to ferret out zero-day attacks with high accuracy and minimal human intervention.
Keywords
Internet; security of data; Web content anomaly detector alerts; cross site exchange; packet content alerts; zero day attack detection; Computational modeling; Correlation; Data models; Detectors; Humans; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Technologies for Homeland Security (HST), 2010 IEEE International Conference on
Conference_Location
Waltham, MA
Print_ISBN
978-1-4244-6047-2
Type
conf
DOI
10.1109/THS.2010.5655103
Filename
5655103