Research Project

 

 

Internet Anomaly & Intrusion Detection

Overview

Our project on network traffic anomalies applies multiresolution analysis (MRA) techniques to IP flow data. MRA via wavelet methods enables anomalies to be isolated in both frequency and time. Our analysis uses data gathered from FlowScan and analyzed via the IDR Framenet software.

Coordinated intrusion detection shows clear benefits over NIDS located at a single site. The DOMINO project aims to build a global coordinated intrusion detection infrastructure by combining data from firewalls, NIDS and Internet Sinks (iSinks). DOMINO's objective is to decrease the reaction time to new worm outbreaks, to reduce false alarm rates and to automatically generate countermeasures.

Papers

Yegneswaran, Vinod; Giffin, Jonathon T.; Jha, Somesh. An Architecture for Generating Semantics-Aware Signatures. Proceedings of USENIX Security Symposium, 2005. (abstract, paper)

Sommers, Joel; Yegneswaran, Vinod; Barford, Paul. A Framework for Malicious Workload Generation, To Appear in the Proceedings of ACM SIGCOMM/USENIX Internet Measurement Conference 2004 (abstract, paper)

Pang, Ruoming; Yegneswaran, Vinod; Barford, Paul; Paxson, Vern; Peterson, Larry. Characteristics of Internet Background Radiation, To Appear in the Proceedings of ACM SIGCOMM/USENIX Internet Measurement Conference 2004 (abstract, paper)

Barford, Paul; Jha, Somesh; Yegneswaran, Vinod. Fusion and Filtering in Distributed Intrusion Detection Systems, In Proceedings of the 42nd Annual Allerton Conference on Communication, Control and Computing, September, 2004. (abstract, paper)

Yegneswaran, Vinod; Barford, Paul; Plonka, Dave. On the Design and Utility of Internet Sinks for Network Abuse Monitoring, To Appear in the Proceedings of Symposium on Recent Advances in Intrusion Detection 2004 (abstract, paper)

Yegneswaran, Vinod; Barford, Paul; Jha, Somesh. Global Intrusion Detection in the DOMINO Overlay System, Proceedings of Network and Distributed Security Symposium (NDSS) 2004 (abstract, paper)

Yegneswaran, Vinod; Barford, Paul; Ullrich, Johannes. Internet Intrusions: Global Characteristics and Prevalence, In Proceedings of ACM SIGMETRICS, June, 2003. (abstract, paper)

Barford, Paul; Kline, Jeffery; Plonka, David; Ron, Amos. A Signal Analysis of Network Traffic Anomalies, In Proceedings of ACM SIGCOMM Internet Measurement Workshop, Marseilles, France, November, 2002. (abstract, paper)

Barford, Paul; Plonka, Dave. Characteristics of Network Traffic Flow Anomalies, July, 2001. In Proceedings of ACM SIGCOMM Internet Measurement Workshop, October, 2001. (paper).

Talks

Barford, Paul. A Signal Analysis of Network Traffic Anomalies, Presented at ACM SIGCOMM Internet Measurement Workshop, Marseilles, France, November, 2002. (slides)

Data

TBA




Members


Paul Barford
Somesh Jha
Amos Ron
Dave Plonka
Vinod Yegneswaran
Jeff Kline

 

 


University of Wisconsin - Madison home