Title :
Correlation Based Node Behavior Profiling for Enterprise Network Security
Author :
Chang, Su ; Daniels, Thomas E.
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA
Abstract :
Node behavior profiling is a promising tool for many aspects of network security. In our research, our goal is to couple node behavior profiles with statistical tests, with a focus on enterprise security. Limited work has been done in the literature. In this paper, we first propose a correlation based node behavior profiling approach to study node behaviors in enterprise network environments. We then propose a formal statistical test on the most common behavior profiles that is able to detect worm propagation. In our initial studies, we evaluate our profiling and detection schemes using real enterprise data (LBNL traces). The results show that the correlation based node behavior profiling approach can capture normal behaviors of different types. Consequently, the behavior profiles are promising for anomaly detection when coupled with statistical methods.
Keywords :
business communication; computer networks; statistical analysis; telecommunication security; correlation based node behavior profiling approach; enterprise network security; enterprise security; statistical tests; worm propagation; Computer networks; Computer security; Computer worms; Electronic mail; Information security; Statistical analysis; Telecommunication traffic; Testing; Traffic control; Web server; Behavior Profiling; Security;
Conference_Title :
Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on
Conference_Location :
Athens, Glyfada
Print_ISBN :
978-0-7695-3668-2
DOI :
10.1109/SECURWARE.2009.53