Monday 14 April 2014

New IDS notes deviant behavior

A team of researchers at Binghamton University has developed a new intrusion detection system that monitors the behaviour of systems and notices when it differs from "normal" behaviour.
The project, called "Intrusion Detection Systems: Object Access Graphs", was funded by the Air Force Office of Scientific Research and conducted by PhD students Patricia Moat and Zachary Birnbaum and researcher Andrey Dolgikh. They were accompanied by Victor Skormin, professor of electrical and computer engineering.

Behaviour

The researchers have chosen to focus on the behaviour of the system instead of detecting malware. This choice was made because malware can change faster than new definitions can be designed for it.
"We take a picture of your computer, and then we compare it with a picture of a computer that behaves normally and a picture of an infected computer. Then we look at the differences," says Birnbaum. "On the basis of the differences we can see that the computer is infected and what kind of infection it is. As soon as you know you are infected, you can take action."
"System calls that are made under normal circumstances are converted to 'graph components', which are used as the basis of the profile of a computer behaving normally," the researchers explain.
Source: Intrusion Detection Using N-Grams or Graph Object Access Components

"Our results show that an efficient detection of abnormal behaviour is made possible by a clever use of 'graph processing' algorithms to make system behaviour profiles."
The PDF with details about the project can be found here.
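To make the idea of a behaviour profile concrete, here is a simplified sketch added to this post; it is not the researchers' algorithm or code. It turns system call events into object-access edges, records the edge bigrams seen during normal operation, and reports which bigrams in a later trace fall outside that profile. The traces, the `object_class` grouping and all function names are assumptions made for illustration.

```python
# Added illustration; traces and names are constructed, not from the research.
NORMAL_TRACE = [  # (process, system call, object) while behaving normally
    ("editor", "open", "/home/u/notes.txt"),
    ("editor", "read", "/home/u/notes.txt"),
    ("editor", "write", "/home/u/notes.txt"),
    ("editor", "close", "/home/u/notes.txt"),
] * 3
OBSERVED_TRACE = [  # same process in a later observation window
    ("editor", "open", "/home/u/notes.txt"),
    ("editor", "read", "/home/u/notes.txt"),
    ("editor", "open", "/etc/passwd"),
    ("editor", "read", "/etc/passwd"),
    ("editor", "connect", "203.0.113.7:443"),
    ("editor", "write", "203.0.113.7:443"),
]

def object_class(obj):
    """Generalise an object name so the profile is not tied to exact paths."""
    if ":" in obj:
        return "socket"
    if obj.startswith("/etc/"):
        return "system-config"
    if obj.startswith("/home/"):
        return "user-file"
    return "other"

def access_edges(trace):
    """One graph edge per event: process --operation--> object class."""
    return [(proc, op, object_class(obj)) for proc, op, obj in trace]

def ngrams(edges, n=2):
    """Consecutive runs of n edges, preserving order of access."""
    return [tuple(edges[i:i + n]) for i in range(len(edges) - n + 1)]

def build_profile(trace, n=2):
    """The 'normal' profile: every edge n-gram seen in the baseline trace."""
    return set(ngrams(access_edges(trace), n))

def deviations(profile, trace, n=2):
    """Return (n-grams absent from the profile, fraction of the trace they cover)."""
    observed = ngrams(access_edges(trace), n)
    unseen = [g for g in observed if g not in profile]
    return unseen, (len(unseen) / len(observed) if observed else 0.0)

if __name__ == "__main__":
    unseen, score = deviations(build_profile(NORMAL_TRACE), OBSERVED_TRACE)
    print(f"anomaly score {score:.2f}")
    for gram in unseen:
        print("  not in profile:", gram)
```

The unseen bigrams are the "differences" an analyst would review; a real deployment would need a far larger baseline and a tuned alert threshold.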
