Abstract
Targeted cyber-attacks present significant threat to modern computing systems. Modern industrial control systems (SCADA) or military networks are example of high value targets with potentially severe implications in case of successful attack. Anomaly detection can provide solution to targeted attacks as attack is likely to introduce some distortion to observable system activity. Most of the anomaly detection has been done on the level of sequences of system calls and is known to have problems with high false alarm rates. In this paper, we show that better results can be obtained by performing behavioral analysis on higher semantic level. We observe that many critical computer systems serve a specific purpose and are expected to run strictly limited sets of software. We model this behavior by creating customized normalcy profile of this system and evaluate how well does anomaly based detection work in this scenario.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Percoco, N., Ilyas, J.: Malware Freakshow 2010: White paper for Black Hat USA (2010)
Falliere, N., Murchu, L., Chien, E.: W32.Stuxnet Dossier: Symantec security response version 1.4 (2011)
Cook, D.J., Holder, L.B.: Graph-based data mining. IEEE Intelligent Systems and their Applications 15(2), 32–41 (2000)
Inokuchi, A., Washio, T., Motoda, H.: An Apriori-Based Algorithm for Mining Frequent Substructures from Graph Data. In: Zighed, D.A., Komorowski, J., Żytkow, J.M. (eds.) PKDD 2000. LNCS (LNAI), vol. 1910, pp. 13–23. Springer, Heidelberg (2000)
Peshkin, L.: Structure induction by lossless graph compression. In: Data Compression Conference, DCC, pp. 53–62 (2007)
Hayashida, M., Akutsu, T.: Comparing Biological Networks via Graph Compression. In: Symposium on Optimization and Systems Biology (2009)
Choi, Y., Szpankowski, W.: Compression of Graphical Structures: Fundamental Limits, Algorithms, and Experiments. IEEE Transactions on Information Theory (2012)
Maruyama, S., Sakamoto, H., Takeda, M.: An Online Algorithm for Lightweight Grammar-Based Compression. Algorithms 5(2), 214–235 (2012)
Offensive Computing, http://offensivecomputing.net/ (accessed, November 2011)
Dolgikh, A., Nykodym, T., Skormin, V., Antonakos, J.: Colored Petri nets as the enabling technology in intrusion detection systems. In: Military Communications Conference, MILCOM 2011, pp. 1297–1301 (2011)
Chen, C., Lin, C.X., Fredrikson, M., Christodorescu, M., Yan, X.: Mining graph patterns efficiently via randomized summaries. In: Proceedings VLDB Endow, vol. 2(1), pp. 742–753 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dolgikh, A., Nykodym, T., Skormin, V., Birnbaum, Z. (2012). Using Behavioral Modeling and Customized Normalcy Profiles as Protection against Targeted Cyber-Attacks. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-33704-8_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer ScienceComputer Science (R0)