BibTeX Entry

  author	= {Ding, Qi and Katenka, Natallia and Barford, Paul and Kolaczyk, Eric and Crovella, Mark},
  title		= {Intrusion as (Anti)social Communication: Characterization and Detection},
  booktitle	= {Proceedings of the ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) 2012},
  year		= {2012},
  address	= {Beijing, China},
  month		= aug,
  doi		= {10.1145/2339530.2339670},
  abstract	= {A reasonable definition of intrusion is: entering a community to which one doesn't belong. This suggests that in a network, intrusion attempts may be detected by looking for communication that does not respect community boundaries. In this paper, we examine the utility of this concept for identifying malicious network sources. In particular, our goal is to explore whether this concept allows a core-network operator using flow data to perform intrusion detection at a level commensurate with signature-based systems located at network edges. We show that simple measures of communities can be defined for flow data that allow a remarkably effective level of intrusion detection simply by looking for flows that do not respect those communities. We validate our approach using labeled intrusion attempt data collected at a large number of edge networks.},
  note		= {Best Student Paper Award},
  URL		= {}