Detection of intrusion on network servers plays an ever more important role in network security. This paper investigates whether analysis of incoming connection behavior for properties of locality can be used to create a normal profile for network servers. Intrusions can then be detected due to their abnormal behavior. Experiments show that connections to a typical network server do in fact exhibit locality, and attacks can be detected through their violation of locality. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Lee, R., & Lang, S. D. (2008). Locality-based server profiling for intrusion detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5075 LNCS, pp. 205–216). https://doi.org/10.1007/978-3-540-69304-8_21
Mendeley helps you to discover research relevant for your work.