Abstract

This paper presents a system named SPOT to achieve high accuracy and preemptive detection of attacks. We use security logs of real incidents that occurred over a six-year period at the National Center for Supercomputing Applications (NCSA) to evaluate SPOT. Our data consists of attacks that led directly to the target system being compromised, i.e., not detected in advance, either by the security analysts or by intrusion detection systems. Our approach can detect 75 percent of attacks as early as minutes to tens of hours before attack payloads are executed.

Original language: English (US)
Title of host publication: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014
Publisher: Association for Computing Machinery
ISBN (Print): 9781450329071
State: Published - Jan 1 2014
Event: 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014 - Raleigh, NC, United States
Duration: Apr 8 2014 - Apr 9 2014

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014
Country: United States
City: Raleigh, NC
Period: 4/8/14 - 4/9/14

Keywords

  • Credential stealing attack
  • Factor graph
  • Tagging
  • Timeliness

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
