DocumentCode :
3391481
Title :
Experimental results of cross-site exchange of web content Anomaly Detector alerts
Author :
Boggs, Nathaniel ; Hiremagalore, Sharath ; Stavrou, Angelos ; Stolfo, Salvatore J.
Author_Institution :
Dept. of Comput. Sci., Columbia Univ., New York, NY, USA
fYear :
2010
fDate :
8-10 Nov. 2010
Firstpage :
8
Lastpage :
14
Abstract :
We present our initial experimental findings from the collaborative deployment of network Anomaly Detection (AD) sensors. Our system examines the ingress HTTP traffic and correlates AD alerts from two administratively disjoint domains: Columbia University and George Mason University. We show that, by exchanging packet content alerts between the two sites, we can achieve zero-day attack detection capabilities with a relatively small number of false positives. Furthermore, we empirically demonstrate that the vast majority of common abnormal data represent attack vectors rather than false positives. We posit that cross-site collaboration enables the automated detection of common abnormal data which are likely to ferret out zero-day attacks with high accuracy and minimal human intervention.
Keywords :
Internet; security of data; Web content anomaly detector alerts; cross site exchange; packet content alerts; zero day attack detection; Computational modeling; Correlation; Data models; Detectors; Humans; Web server;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Technologies for Homeland Security (HST), 2010 IEEE International Conference on
Conference_Location :
Waltham, MA
Print_ISBN :
978-1-4244-6047-2
Type :
conf
DOI :
10.1109/THS.2010.5655103
Filename :
5655103