Therminator 2: a thermodynamics-based method for real-time patternless intrusion detection

Bibliographic details
Main authors: Donald, S.D., McMillen, R.V., Ford, D.K., McEachen, J.C.
Format: Conference proceedings
Language: eng
Description
Summary: A novel system for conducting nonsignature based, or patternless, intrusion detection of computer networks is presented. The initial prototype has been installed at USA Pacific Command and Army Signal Command. This system uses principles of thermodynamics to model network conversation characteristics. Observing the properties of entropy, energy and temperature within the system develops a notion of baseline operating conditions. Perturbations in these properties are considered potential intrusions for further investigation. System functions are decomposed into a network sensing device, a real-time processing component and a forensics component. State definitions for a variety of conditions are discussed. Finally, examples of valid intrusions and other network perturbations in real traffic collected in network operation center backbones are presented. Preliminary results indicate this system has significant potential for revealing anomalies in large network systems.
DOI: 10.1109/MILCOM.2002.1179705