Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NSPW
2003
ACM
2003
ACM
Locality: a new paradigm for thinking about normal behavior and outsider threat
Locality as a unifying concept for understanding the normal behavior of benign users of computer systems is suggested as a unifying paradigm that will support the detection of malicious anomalous behaviors. The paper notes that locality appears in many dimensions and applies to such diverse mechanisms as the working set of IP addresses contacted during a web browsing session, the set of email addresses with which one customarily corresponds, the way in which pages are fetched from a web site. In every case intrusive behaviors that violate locality are known to exist and in some cases, the violation is necessary for the intrusive behavior to achieve its goal. If this observation holds up under further investigation, we will have a powerful way of thinking about security and intrusive activity. Categories and Subject Descriptors C.2 [Computer-Communications Networks]: Local and Wide-Area Networks; C.2.5 [Local and Wide-Area Networks]: Internet—observations of traffic characteristics G...
Real-time Traffic| Added | 05 Jul 2010 |
| Updated | 05 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | NSPW |
| Authors | John McHugh, Carrie Gates |
Comments (0)
Researcher Info
|
