Classification of habitual activities in behavior-based network detection
This paper presents a new method to detect network traffic threats based on packet classification which is result from the identification of insider’s habitual activities. We assess the habitual activities by examining regular expression of web applications use by insiders together with the existing...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Journal of Computing
2010
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/37256/2/index.html http://eprints.utm.my/id/eprint/37256/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | This paper presents a new method to detect network traffic threats based on packet classification which is result from the identification of insider’s habitual activities. We assess the habitual activities by examining regular expression of web applications use by insiders together with the existing server activities log and rules pattern from global update. We capture the packets, analyze the packet and finally, categorize into three main categories whether it is normal, suspicious or malicious. Our method is able to detect threat with low false alarm rate and provides event list handler to rate the risk for prevention purposes. We apply our method to evaluate system security for help security officer (IT Manager and Administrator) to be aware of status network activities. |
|---|