Title :
User Intention-Based Traffic Dependence Analysis for Anomaly Detection
Author :
Hao Zhang ; Banick, W. ; Danfeng Yao ; Ramakrishnan, N.
Abstract :
This paper describes an approach to enforce dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering these relations is useful in identifying anomalous events on a host that are caused by software flaws or malicious code. To demonstrate the feasibility of user intention-based traffic dependence analysis, we implement a prototype called CR-Miner and perform extensive experimental evaluation of the accuracy, security, and efficiency of our algorithm. The results show that our algorithm can identify user intention-based traffic dependence with high accuracy (average 99.6% for 20 users) and low false alarms. Our prototype can successfully detect several pieces of HTTP-based real-world spyware. Our dependence analysis is fast with a minimal storage requirement. We give a thorough analysis of the security and robustness of the user intention-based traffic dependence approach.
Keywords :
behavioural sciences; computer network security; telecommunication traffic; CR-Miner; HTTP-based real-world spyware; algorithm accuracy evaluation; algorithm efficiency evaluation; algorithm security evaluation; anomaly detection; causal relation miner framework; false alarms; malicious code; network event analysis; network traffic; software flaws; user action analysis; user activities; user intention-based traffic dependence analysis; Browsers; Inference algorithms; Prototypes; Spyware; Vegetation; Anomaly detection; Dependence; Network traffic; User behaviors;
Conference_Title :
Security and Privacy Workshops (SPW), 2012 IEEE Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4673-2157-0
DOI :
10.1109/SPW.2012.15