On-the-fly Intrusion Detection for Web Portals

Get BibTex-formatted data

Download

PDF

Author

Radu Sion and Mikhail Atallah and Sunil Prabhakar

Tech report number

CERIAS TR 2002-36

Entry type

inproceedings

Abstract

Remote access to distributed hyper-linked information proves to be one of the killer applications for computer networks. More and more content in current inter and intra nets is available as hyper-data, a form easing its distribution and semantic organization. In the framework of the Internet's Web-Portals and Pay-Sites, mechanisms for login based on username and password enable the dynamic customization as well as partial protection of the content. In other applications (e.g. commercial intra-nets) various similar schemes of authentication are deployed. Nevertheless, stolen passwords are an easy avenue to identity theft, in both public and commercial data networks. Once a perpetrator enters a system, assuming an authorized user's identity, the task of actually detecting this intrusion becomes non-trivial and is often ignored completely. Thus, in addition to the initial authentication step we propose a runtime intrusion detection mechanism, required to maintain a virtually continuous user authentication process and detect identity theft and password misuses. The current paper focuses on designing a pervasive intrusion detection method for hyper-data systems, based on training on and analyzing of access patterns to hyper-linked data, aiming at detecting intruders and raising a red flag at the content provider's side. Our solution is based on a new technique, on-the-fly adaptive training for normality on streams of data access patterns. This enables runtime intrusion detection through analysis of correlations between current patterns and the adaptive past-knowledge. Such a method is to be used in conjunction with current username-password protection schemes. We introduce the motivation behind our solution , discuss the novel detection and training metrics and propose a real-life deployment design. We implement the main algorithm and perform experiments for assessing its intrusion detection ability, with very encouraging results. We also discuss the deployment of our method for detecting automatic spam-bot accesses.

Download

PDF

Booktitle

203 ACM International Conference on Management of Data (SIGMOD)

Institution

Purdue University

Key alpha

sion2002idss

Affiliation

Computer Sciences, CERIAS

Publication Date

1900-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ sion2002idss,
	title = "On-the-fly Intrusion Detection for Web Portals",
	author = "Radu Sion and Mikhail Atallah and Sunil Prabhakar",
	booktitle = "203 ACM International Conference on Management of Data (SIGMOD)",
	institution = "Purdue University",
	abstract = "Remote access to distributed hyper-linked information proves to be one of
the killer applications for computer networks. More and more content in
current inter and intra nets is available as hyper-data, a form easing
its distribution and semantic organization.
 
In the framework of the Internet's Web-Portals and Pay-Sites,
mechanisms for login based on username and password enable the
dynamic customization as well as partial protection of the content.
In other applications (e.g. commercial intra-nets) various
similar schemes of authentication are deployed.
 
Nevertheless, stolen passwords are an easy avenue to identity theft, in
both public and commercial data networks. Once a perpetrator enters a
system, assuming an authorized user's identity, the task of actually
detecting this intrusion becomes non-trivial and is often ignored completely.
 
Thus, in addition to the initial authentication step we propose a runtime
intrusion detection mechanism, required to maintain a virtually continuous
user authentication process and detect identity theft and password misuses.
 
The current paper focuses on designing a pervasive intrusion detection
method for hyper-data systems, based on training on and analyzing of access
patterns to hyper-linked data, aiming at detecting intruders and raising a
red flag at the content provider's side. Our solution is based on a new
technique, on-the-fly adaptive training for normality on streams of data
access patterns. This enables runtime intrusion detection through analysis
of correlations between current patterns and the adaptive past-knowledge.
Such a method is to be used in conjunction with current username-password
protection schemes.

We introduce the motivation behind our solution , discuss
the novel detection and training metrics and propose a real-life
deployment design. We implement the main algorithm and perform
experiments for assessing its intrusion detection ability, with
very encouraging results. We also discuss the deployment of our
method for detecting automatic spam-bot accesses.
",
	affiliation = "Computer Sciences, CERIAS",
}