Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Computer Sciences

Dartmouth College


Intrusion detection

Articles 1 - 8 of 8

Streaming Estimation Of Information-Theoretic Metrics For Anomaly Detection (Extended Abstract), Sergey Bratus, Joshua Brody, David Kotz, Anna Shubina Sep 2008

Dartmouth Scholarship

Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in an efficient, scalable way. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.
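The abstract above describes the goal (entropy-style metrics over 802.11 features, computed as the frames stream past) but not the estimator. The following is an added example, not the authors' code: a sliding-window Shannon entropy over the source-MAC feature that is updated in O(1) per frame by maintaining per-value counts and the running sum of c*log2(c), plus a simple deviation-from-baseline alarm. The frame stream, the station addresses, the window size and the 1-bit threshold are all constructed for illustration.

```python
import math
import random
from collections import deque


class StreamingEntropy:
    """Shannon entropy (bits) of the last `window` feature values, updated in
    O(1) per frame: keep per-value counts and the running sum of c*log2(c);
    then H = log2(n) - (1/n) * sum(c * log2(c)) over the values in the window."""

    def __init__(self, window):
        self.window = window
        self.buf = deque()      # feature values currently inside the window
        self.counts = {}        # value -> occurrences inside the window
        self.clogc = 0.0        # running sum of c * log2(c) over all values

    def _adjust(self, key, delta):
        c = self.counts.get(key, 0)
        if c > 1:                       # 1*log2(1) == 0, so only c > 1 contributes
            self.clogc -= c * math.log2(c)
        c += delta
        if c > 1:
            self.clogc += c * math.log2(c)
        if c == 0:
            del self.counts[key]
        else:
            self.counts[key] = c

    def push(self, key):
        self.buf.append(key)
        self._adjust(key, +1)
        if len(self.buf) > self.window:  # evict the oldest value once the window is full
            self._adjust(self.buf.popleft(), -1)

    def entropy(self):
        n = len(self.buf)
        if n == 0:
            return 0.0
        return math.log2(n) - self.clogc / n


def build_stream(seed=7):
    """Constructed sample (not captured data): 300 frames from six stations in
    round-robin, then a 100-frame flood from randomised source MACs, as a
    probe-request or deauthentication flood with spoofed addresses would look."""
    rng = random.Random(seed)
    stations = ["02:00:00:00:00:%02x" % i for i in range(6)]   # hypothetical addresses
    normal = [stations[i % 6] for i in range(300)]
    flood = ["%02x:%02x:%02x:%02x:%02x:%02x"
             % tuple(rng.randrange(256) for _ in range(6)) for _ in range(100)]
    return normal + flood


def entropy_after(stream, window=64):
    """Windowed entropy of the source-MAC feature after the whole stream was seen."""
    est = StreamingEntropy(window)
    for mac in stream:
        est.push(mac)
    return est.entropy()


def first_alarm(stream, window=64, warmup=128, threshold_bits=1.0):
    """Index of the first frame at which the windowed entropy moves more than
    `threshold_bits` away from the value measured at the end of warm-up, or None.
    The absolute-deviation rule catches both a rise (many new sources, as here)
    and a drop (one source flooding the channel)."""
    est = StreamingEntropy(window)
    baseline = None
    for i, mac in enumerate(stream):
        est.push(mac)
        if i + 1 == warmup:
            baseline = est.entropy()
        elif baseline is not None and abs(est.entropy() - baseline) > threshold_bits:
            return i
    return None


if __name__ == "__main__":
    s = build_stream()
    print("entropy before flood: %.3f bits" % entropy_after(s[:300]))
    print("entropy at end of flood: %.3f bits" % entropy_after(s))
    print("first alarm at frame", first_alarm(s))
```

With six evenly active stations the 64-frame window sits near log2(6) ≈ 2.58 bits; once 14 of the 64 frames carry fresh random addresses the entropy exceeds the baseline by more than a bit and the alarm fires, well before the window is entirely flood traffic (64 distinct values, 6.0 bits). The exact-count dictionary here is fine for one feature with a few thousand distinct values; the streaming-sketch estimators the abstract alludes to are what make the same idea affordable for feature pairs with very large alphabets, and they are not shown here.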


Detecting 802.11 Mac Layer Spoofing Using Received Signal Strength, Yong Sheng, Keren Tan, Guanling Chen, David Kotz, Andrew T. Campbell Apr 2008

Dartmouth Scholarship

MAC addresses can be easily spoofed in 802.11 wireless LANs. An adversary can exploit this vulnerability to launch a large number of attacks. For example, an attacker may masquerade as a legitimate access point to disrupt network services or to advertise false services, tricking nearby wireless stations. On the other hand, the received signal strength (RSS) is a measurement that is hard to forge arbitrarily and it is highly correlated with the transmitter's location. Assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed …
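The abstract is truncated before it describes the authors' detector, so the following is an added illustration of the basic idea only, not the paper's method: one sniffer learns a per-MAC RSS profile (running mean and standard deviation, Welford's algorithm) from frames assumed clean, then flags later frames carrying that MAC whose RSS falls outside the learned band. The address, the dBm values, the training length and the 8 dB floor are constructed assumptions.

```python
import math
import random


class RssProfile:
    """Running mean and variance of RSS for one MAC address (Welford's method)."""

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self.m2 = 0.0

    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)

    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


def detect_spoofing(frames, train_frames, k=4.0, floor_db=8.0):
    """frames: iterable of (mac, rss_dbm) as seen by a single sniffer.
    The first `train_frames` observations of each MAC are trusted and build its
    profile (a trust-on-first-use assumption: an attacker already active during
    training poisons the profile). Later frames are flagged when they lie more
    than max(k * std, floor_db) from the learned mean; the floor keeps a very
    stable profile from producing alarms on ordinary fading."""
    profiles = {}
    flagged = []
    for i, (mac, rss) in enumerate(frames):
        p = profiles.setdefault(mac, RssProfile())
        if p.n < train_frames:
            p.update(rss)
            continue
        tol = max(k * p.std(), floor_db)
        if abs(rss - p.mean) > tol:
            flagged.append(i)
    return flagged


def build_trace(seed=1):
    """Constructed trace (not captured data): a station seen at about -55 dBm,
    then an attacker farther from the sniffer (about -78 dBm) cloning its MAC
    while the real station keeps transmitting. Returns the trace and the
    indices of the attacker's frames."""
    rng = random.Random(seed)
    victim = "00:1d:e0:aa:bb:cc"          # hypothetical address
    trace = [(victim, -55 + rng.gauss(0, 1.5)) for _ in range(200)]
    attacker_idx = []
    for _ in range(100):
        trace.append((victim, -55 + rng.gauss(0, 1.5)))
        attacker_idx.append(len(trace))
        trace.append((victim, -78 + rng.gauss(0, 1.5)))
    return trace, attacker_idx


if __name__ == "__main__":
    trace, attacker_idx = build_trace()
    flagged = detect_spoofing(trace, train_frames=100)
    print("flagged %d of %d frames; all attacker frames caught: %s"
          % (len(flagged), len(trace), flagged == attacker_idx))
```

The 23 dB gap between the two transmitters makes this case easy; in practice the band has to absorb the RSS spread a moving station produces, which is why the abstract conditions the approach on the attacker and victim being a reasonable distance apart. A single sniffer also only constrains distance, not position, so an attacker at the same range in another direction would pass; profiling the RSS vector seen by several sniffers tightens that.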


Refocusing In 802.11 Wireless Measurement, Udayan Deshpande, Chris Mcdonald, David Kotz Apr 2008

Dartmouth Scholarship

The edge of the Internet is increasingly wireless. To understand the Internet, one must understand the edge, and yet the measurement of wireless networks poses many new challenges. IEEE 802.11 networks support multiple wireless channels and any monitoring technique involves capturing traffic on each of these channels to gather a representative sample of frames from the network. We call this procedure channel sampling, in which each sniffer visits each channel periodically, resulting in a sample of the traffic on each of the channels.

This sampling approach may be sufficient, for example, for a system administrator or anomaly detection module …


Channel Sampling Strategies For Monitoring Wireless Networks, Udayan Deshpande, Tristan Henderson, David Kotz Apr 2006

Dartmouth Scholarship

Monitoring the activity on an IEEE 802.11 network is useful for many applications, such as network management, optimizing deployment, or detecting network attacks. Deploying wireless sniffers to monitor every access point in an enterprise network, however, may be expensive or impractical. Moreover, some applications may require the deployment of multiple sniffers to monitor the numerous channels in an 802.11 network. In this paper, we explore sampling strategies for monitoring multiple channels in 802.11b/g networks. We describe a simple sampling strategy, where each channel is observed for an equal, predetermined length of time, and consider applications where such a strategy might …


The Kerf Toolkit For Intrusion Analysis, Javed Aslam, Sergey Bratus, David Kotz, Ronald Peterson Jan 2005

Dartmouth Scholarship

No abstract provided.


Kerf: Machine Learning To Aid Intrusion Analysts, Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus Aug 2004

Dartmouth Scholarship

Kerf is a toolkit for post-hoc intrusion analysis of available system logs and some types of network logs. It takes the view that this process is inherently interactive and iterative: the human analyst browses the log data for apparent anomalies, and tests and revises his hypothesis of what happened. The hypothesis is alternately refined, as information that partially confirms the hypothesis is discovered, and expanded, as the analyst tries new avenues that broaden the investigation.


The Kerf Toolkit For Intrusion Analysis (Poster Abstract), Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, Brett Tofel Jun 2003

Dartmouth Scholarship

We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance …


Using Mobile Agents For Analyzing Intrusion In Computer Networks, Jay Aslam, Marco Cremonini, David Kotz, Daniela Rus Jul 2001

Dartmouth Scholarship

Today hackers disguise their attacks by launching them from a set of compromised hosts distributed across the Internet. It is very difficult to defend against these attacks or to track down their origin. Commercially available intrusion detection systems can signal the occurrence of limited known types of attacks. New types of attacks are launched regularly but these tools are not effective in detecting them. Human experts are still the key tool for identifying, tracking, and disabling new attacks. Often this involves experts from many organizations working together to share their observations, hypotheses, and attack signatures. Unfortunately, today these experts have …