Surveillance Detection in High Bandwidth Environments
Washington, DC April 22-April 24
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DISCEX.2003.1194879
Seth Robertson, System Detection, Inc.
Eric V. Siegel, System Detection, Inc.
Matt Miller, System Detection, Inc.
Salvatore J. Stolfo, Columbia University
In this paper, we describe System Detection's surveillance detection techniques for enclave environments (ESD) and peering center environments (PSD) and evaluate each technique over data gathered from two different network environments. ESD is evaluated over 74 hours of tcpdump packet traces (344 million packets) from a large enclave; PSD is evaluated over 5 hours of tcpdump packet traces (110 million packets) gathered from a peering center. Both surveillance detection modules were executed over the audit data offline to generate surveillance detection alerts, though the systems can be run in real-time as well. Our results show that both ESD and PSD accurately discover great quantities of surveillance activities (including long-lived and distributed scans) and can be tuned to reduce the volume of alerts. Furthermore, existing IDS technology may be blind to many activities discovered by ESD and PSD.
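The abstract's closing claim, that conventional IDS thresholds can be blind to long-lived and distributed scans, illustrated with an added example that is not the paper's ESD or PSD code: a classic per-source, short-window threshold beside a target-centric, long-window aggregation, run over constructed flow records (all addresses, ports and timings are made up for the demonstration).

```python
"""Why a per-source, short-window scan threshold misses slow and distributed
surveillance, and how aggregating probes per target over a long window does not.
Illustrative example only; not System Detection's ESD/PSD. All data constructed."""
from collections import defaultdict

# Constructed flow summaries: (timestamp_s, src, dst, dst_port).
# Distributed scan: 12 sources each probe one port on the same host over an hour.
FLOWS = [(i * 300, f"198.51.100.{i}", "192.0.2.10", 1000 + i) for i in range(12)]
# Slow single-source scan: one source probes one new port every ten minutes.
FLOWS += [(i * 600, "203.0.113.7", "192.0.2.20", 2000 + i) for i in range(12)]
# Benign traffic: one client repeatedly using a single service.
FLOWS += [(i * 60, "192.0.2.50", "192.0.2.30", 443) for i in range(30)]


def naive_alerts(flows, window_s=60, threshold=5):
    """Per-source rule: alert on a source that touches more than `threshold`
    distinct host:port pairs within any `window_s`-second window."""
    by_src = defaultdict(list)
    for t, src, dst, port in sorted(flows):
        by_src[src].append((t, (dst, port)))
    alerts = set()
    for src, events in by_src.items():
        for i, (t0, _) in enumerate(events):
            targets = {tgt for t, tgt in events[i:] if t - t0 <= window_s}
            if len(targets) > threshold:
                alerts.add(src)
    return alerts


def aggregate_alerts(flows, window_s=3600, threshold=5):
    """Target-centric rule: alert on a destination host whose distinct probed
    ports exceed `threshold` within `window_s` seconds, regardless of how many
    sources contributed, so slow and distributed scans both accumulate."""
    by_dst = defaultdict(list)
    for t, src, dst, port in sorted(flows):
        by_dst[dst].append((t, port))
    alerts = set()
    for dst, events in by_dst.items():
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window_s}
            if len(ports) > threshold:
                alerts.add(dst)
    return alerts


if __name__ == "__main__":
    print("per-source alerts:", naive_alerts(FLOWS))        # empty: both scans evade it
    print("per-target alerts:", aggregate_alerts(FLOWS))    # both scanned hosts flagged
```

The per-source rule fires on nothing because no single source ever exceeds the window threshold, while the long-window, per-target aggregation flags both the distributed and the slow scan and stays silent on the benign client.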
Citation:
Seth Robertson, Eric V. Siegel, Matt Miller, Salvatore J. Stolfo, "Surveillance Detection in High Bandwidth Environments," discex, vol. 1, pp.130, DARPA Information Survivability Conference and Exposition - Volume I, 2003