Open Access
Lecture Notes in Computer Science, pages 142-160

Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close

Publication type: Book Chapter
Publication date: 2011-01-01
Q2
SJR: 0.606
CiteScore: 2.6
Impact factor
ISSN: 03029743, 16113349, 18612075, 18612083
Abstract
Web applications have emerged as the primary means of access to vital and sensitive services such as online payment systems and databases storing personally identifiable information. Unfortunately, the need for ubiquitous and often anonymous access exposes web servers to adversaries. Indeed, network-borne zero-day attacks pose a critical and widespread threat to web servers that cannot be mitigated by the use of signature-based intrusion detection systems. To detect previously unseen attacks, we correlate web requests containing user-submitted content across multiple web servers that is deemed abnormal by local Content Anomaly Detection (CAD) sensors. The cross-site information exchange happens in real time, leveraging privacy-preserving data structures. We filter out high-entropy and rarely seen legitimate requests, reducing the amount of data and time an operator has to spend sifting through alerts. Our results come from a fully working prototype using eleven weeks of real-world data from production web servers. During that period, we identify at least three application-specific attacks not belonging to an existing class of web attacks as well as a wide range of traditional classes of attacks including SQL injection, directory traversal, and code inclusion without using human-specified knowledge or input.

Top-30

Journals

  • Lecture Notes in Computer Science: 3 publications, 17.65%
  • International Journal of Data Warehousing and Mining: 1 publication, 5.88%
  • Journal of Computer Security: 1 publication, 5.88%
  • Journal of Computer Virology and Hacking Techniques: 1 publication, 5.88%
  • Journal of Network and Computer Applications: 1 publication, 5.88%
  • Texts and Monographs in Symbolic Computation: 1 publication, 5.88%
  • IEEE Journal on Selected Topics in Signal Processing: 1 publication, 5.88%
  • IEEE Internet of Things Journal: 1 publication, 5.88%
  • IEEE Transactions on Information Forensics and Security: 1 publication, 5.88%
  • Advances in Computers: 1 publication, 5.88%
  • ACM Computing Surveys: 1 publication, 5.88%

Publishers

  • Springer Nature: 5 publications, 29.41%
  • Institute of Electrical and Electronics Engineers (IEEE): 5 publications, 29.41%
  • Association for Computing Machinery (ACM): 3 publications, 17.65%
  • Elsevier: 2 publications, 11.76%
  • IGI Global: 1 publication, 5.88%
  • IOS Press: 1 publication, 5.88%

  • We do not take into account publications without a DOI.
  • Statistics recalculated only for publications connected to researchers, organizations and labs registered on the platform.
  • Statistics recalculated weekly.

Cite this

GOST
Boggs N. et al. Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close // Lecture Notes in Computer Science. 2011. pp. 142-160.
GOST, all authors
Boggs N., Hiremagalore S., STAVROU A., Stolfo S. J. Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close // Lecture Notes in Computer Science. 2011. pp. 142-160.
RIS
TY - GENERIC
DO - 10.1007/978-3-642-23644-0_8
UR - https://doi.org/10.1007/978-3-642-23644-0_8
TI - Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close
T2 - Lecture Notes in Computer Science
AU - Boggs, Nathaniel
AU - Hiremagalore, Sharath
AU - STAVROU, ANGELOS
AU - Stolfo, Salvatore J.
PY - 2011
DA - 2011/01/01
PB - Springer Nature
SP - 142-160
SN - 0302-9743
SN - 1611-3349
SN - 1861-2075
SN - 1861-2083
ER -
BibTeX
@incollection{2011_Boggs,
author = {Nathaniel Boggs and Sharath Hiremagalore and ANGELOS STAVROU and Salvatore J. Stolfo},
title = {Cross-Domain Collaborative Anomaly Detection: So Far Yet So Close},
publisher = {Springer Nature},
year = {2011},
pages = {142--160},
month = {jan}
}