TY - GEN
T1 - On-the-fly intrusion detection for Web portals
AU - Sion, R.
AU - Atallah, M.
AU - Prabhakar, S.
N1 - Publisher Copyright:
© 2003 IEEE.
PY - 2003
Y1 - 2003
AB - Remote access to distributed hyperlinked information proves to be one of the killer applications for computer networks. More and more content in current inter and intranets is available as hyperdata, a form easing its distribution and semantic organization. In the framework of the Internet's Web-portals and pay-sites, mechanisms for login based on username and password enable the dynamic customization as well as partial protection of the content. In other applications (e.g. commercial intranets) various similar schemes of authentication are deployed. Nevertheless, stolen passwords are an easy avenue to identity theft, in both public and commercial data networks. Once a perpetrator enters a system, assuming an authorized user's identity, the task of actually detecting this intrusion becomes non-trivial and is often ignored completely. Thus, in addition to the initial authentication step we propose a runtime intrusion detection mechanism, required to maintain a virtually continuous user authentication process and detect identity theft and password misuses. The current paper focuses on designing a pervasive intrusion detection method for hyperdata systems, based on training on and analyzing of access patterns to hyperlinked data, aiming at detecting intruders and raising a red flag at the content provider's side. Our solution is based on a new technique, on-the-fly adaptive training for normality on streams of data access patterns. This enables runtime intrusion detection through analysis of correlations between current patterns and the adaptive past-knowledge. Such a method is to be used in conjunction with current username-password protection schemes. We introduce the motivation behind our solution, discuss the novel detection and training metrics and propose a real-life deployment design. We implement the main algorithm and perform experiments for assessing its intrusion detection ability, with very encouraging results. 
We also discuss the deployment of our method for detecting automatic spam-bot accesses.
UR - https://www.scopus.com/pages/publications/84978828620
U2 - 10.1109/ITCC.2003.1197549
DO - 10.1109/ITCC.2003.1197549
M3 - Conference contribution
AN - SCOPUS:84978828620
T3 - Proceedings ITCC 2003, International Conference on Information Technology: Computers and Communications
SP - 325
EP - 330
BT - Proceedings - ITCC 2003, International Conference on Information Technology
A2 - Srimani, Pradip K.
A2 - Regentova, Emma
A2 - Hashemi, Ray
A2 - Lawrence, Elaine
A2 - Cannataro, Mario
A2 - Spink, Amanda
A2 - Bein, Wolf
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - International Conference on Information Technology: Computers and Communications, ITCC 2003
Y2 - 28 April 2003 through 30 April 2003
ER -