Title :
An Approach on Detecting Attack Based on Causality in Network Behavior
Author :
Wang, Zhiwen ; Xia, Qin ; Lu, Ke ; Zhang, Jie
Author_Institution :
Dept. of Comput. Sci., Xian Jiaotong Univ., Xian
Abstract :
This paper presents an SNMP MIB-oriented approach based on a two-tier Granger causality test (GCT) for detecting an attack before the security of the target is damaged. Starting from the abnormal behavior constructed on the target, GCT is first executed to find preliminary attacking variables that have whole causality with the abnormal variable in network behavior. Using behavior features extracted from the abnormal behavior, GCT is then executed again to recognize the attacking variable that has local causality with the abnormal variable in local behavior. The causality between the attacking and abnormal variables is used to build rules with which the attack can be detected at the attacker. In an experiment in which a Trin00 UDP Flood was selected as the attack, udpOutDatagrams was successfully recognized as the attacking variable and good detection results were obtained. The final results showed that the two-tier GCT approach detects the attack early, which greatly helps to block the spread of the attacking procedure to the target.
Keywords :
causality; security of data; attack detection; management information; network behavior; target security; Computer networks; Computer science; Data security; Earthquakes; Feature extraction; Floods; Information management; Random variables; Software engineering; Testing; Granger causality test; management information base
Conference_Title :
Computer Science and Software Engineering, 2008 International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3336-0
DOI :
10.1109/CSSE.2008.1003