Detection rate and false alarm rate for Pagoda

Abstract: 

Efficient intrusion detection and analysis of the security landscape in big data environments present a challenge for today's users. Intrusion behavior can be described by provenance graphs that record the dependency relationships between intrusion processes and the infected files. Existing intrusion detection methods typically analyze and identify the anomaly either in a single provenance path or in the whole provenance graph, neither of which achieves both good detection accuracy and good detection time. We propose Pagoda, a hybrid approach that takes into account the anomaly degree of both a single provenance path and the whole provenance graph. It can identify an intrusion quickly if a serious compromise has been found on one path, and can further improve the detection rate by considering the behavior representation in the whole provenance graph. Pagoda uses a persistent memory database to store provenance and aggregates multiple similar items into one provenance record to minimize unnecessary I/O during the detection analysis. In addition, it encodes duplicate items in the rule database and filters out noise that does not contain intrusion information. The experimental results on a wide variety of real-world applications demonstrate its performance and efficiency.

Instructions: 

This file contains all the original test data for detecting intrusions using provenance-based intrusion detection that takes into account both a single path and the whole provenance graph. We have added annotations to the file to make it easier to read.

License: Creative Commons Attribution

Dataset Details

Citation Author(s): Yulai Xie
Submitted by: Yulai Xie
Last updated: Sat, 07/07/2018 - 16:21
DOI: 10.21227/c3es-rv63
[1] Yulai Xie, "Detection rate and false alarm rate for Pagoda", IEEE Dataport, 2018. [Online]. Available: http://dx.doi.org/10.21227/c3es-rv63. Accessed: Jul. 17, 2018.