Community Research and Development Information Service - CORDIS

FP7

Final Report - DMASD4CA (Distributed multi-way analysis of stream data for detection of complex attacks)

Project ID: 221077
Funded under: FP7-PEOPLE

Abstract

A 'complex attack' is a sequence of temporally and spatially separated actions, each of which may be detected or prevented by various intrusion detection systems (IDS); however, as a whole they constitute a powerful attack that cannot be detected by the IDS paradigm. Examples include 'insider' and 'stealth' attacks.

The main reason the IDS paradigm falls short of detecting and modelling complex attacks is that adversarial actions may not violate any IDS rules explicitly. Thus, new methods are required to efficiently recognise complex attacks within message streams coming from various sources such as IDS, sniffers and system logs.

This research addresses several important issues for sampling and analysis of complex stream data. The report comments that the techniques developed can analyse three-way data using a sliding-window-like decomposition algorithm. The three-way tensor analysis techniques are developed to find the structure in this data and identify a signature for the resource usage of each user in a collaborative environment, which can be used for threat analysis.


Record Number: 11361 / Last updated on: 2011-08-02
Category: PROJ