Skip navigation
Por favor, use este identificador para citar o enlazar este ítem: http://repositorio.unb.br/handle/10482/10985
Ficheros en este ítem:
Fichero Descripción Tamaño Formato  
ARTIGO_ParallelApproachPCA.pdf1,22 MBAdobe PDFVisualizar/Abrir
Título : A parallel approach to pca based malicious activitydetection in distributed honeypot data
Autor : David, Bernardo Machado
Costa, João Paulo Carvalho Lustosa da
Nascimento, Anderson Clayton Alves
Holtz, Marcelo Dias
Amaral, Dino Macedo
Sousa Júnior, Rafael Timóteo de
Assunto:: Algoritmos de computador - criptografia de dados (Computação)
Compressão de dados (Computação)
Computadores - medidas de segurança
Hackers
Fecha de publicación : 2011
Editorial : Brazilian Association of High Technology Experts (ABEAT)
Citación : DAVID, Bernardo Machado et al. A parallel approach to pca based malicious activitydetection in distributed honeypot data. The International Journal of Forensic Computer Science, v. 6, n. 1, p. 8-27, 2011. Disponível em:<http://www.ijofcs.org/abstract-v06n1-pp01.html>. Acesso em: 19 jun. 2012. doi: 10.5769/J201101001.
Resumen : Model order selection (MOS) schemes, which are frequently employed inseveral signal processing applications, are shown to be effective tools for the detectionof malicious activities in honeypot data. In this paper, we extend previous results byproposing an efficient and parallel MOS method for blind automatic malicious activitydetection in distributed honeypots. Our proposed scheme does not require any previousinformation on attacks or human intervention. We model network traffic data as signalsand noise and then apply modified signal processing methods. However, differently fromthe previous centralized solutions, we propose that the data colected by each honeypotnode be processed by nodes in a cluster (that may consist of the collection nodesthemselves) and then grouped to obtain the final results. This is achieved by having eachnode locally compute the Eigenvalue Decomposition (EVD) to its own sample correlationmatrix (obtained from the honeypot data) and transmit the resulting eigenvalues to acentral node, where the global eigenvalues and final model order are computed. Themodel order computed from the global eigenvalues through RADOI represents the numberof malicious activities detected in the analysed data. The feasibility of the proposedapproach is demonstrated through simulation experiments.
Licença:: The International Journal of Forensic Computer Science - Disponível sob Licença Creative Commons 3.0, que permite copiar, distribuir e transmitir o trabalho, desde que seja citado o autor e licenciante. Não permite o uso para fins comerciais nem a adaptação desta.
DOI: https://dx.doi.org/10.5769/J201101001
Aparece en las colecciones: Artigos publicados em periódicos e afins

Mostrar el registro Dublin Core completo del ítem " class="statisticsLink btn btn-primary" href="/jspui/handle/10482/10985/statistics">



Este ítem está sujeto a una licencia Creative Commons Licencia Creative Commons Creative Commons