La Sécurité des Réseaux: une approche de détection de malveillances
Keywords:
Computer security, Network, Malevolence, Detection, User profile, Risk class, Behavior model, Centralized system
Abstract
This paper describes a system for detecting malevolences in a computer network. The system, called DAMaR (a French acronym for Advanced Detection of Malevolences in a Computer Network), analyzes user behavior, which is characterized by quantitative components such as CPU time, average number of erroneous connections, average usage of system and software primitives, etc., and by qualitative components such as day and time of regular connections, workstation number, etc. Any change in behavior may be interpreted as malevolent intent. Whenever a user's profile changes significantly, an enquiry is triggered. The profile is not predefined but is initialized during a learning period in which the system observes users. To avoid network saturation, users are assigned to risk classes. At the beginning, all users are placed in the same class. Variations in a user's behavior induce class changes. The system has been implemented on a UNIX network in a centralized mode. This allowed us to illustrate the dynamics of the model by exhibiting user class changes.
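The profile-and-risk-class model summarized in the abstract can be sketched as follows. This is an added example, not DAMaR's code or the authors' algorithm: the component names, the three classes, the 3-standard-deviation cut-off and the one-step class movement rule are all assumptions made for illustration.

```python
from statistics import mean, pstdev

QUANTITATIVE = ("cpu_seconds", "failed_logins")   # component names are assumed
QUALITATIVE = ("hour_band", "workstation")
RISK_CLASSES = ("low", "medium", "high")          # assumed: the abstract gives no class count

class UserProfile:
    def __init__(self, threshold=3.0):
        self.threshold = threshold  # assumed cut-off (in standard deviations) for a significant change
        self.baseline = {}          # quantitative component -> (mean, std) from the learning period
        self.usual = {}             # qualitative component -> values seen during the learning period
        self.risk = 0               # all users start in the same class

    def learn(self, sessions):
        """Initialize the profile from sessions observed during the learning period."""
        for k in QUANTITATIVE:
            values = [s[k] for s in sessions]
            self.baseline[k] = (mean(values), pstdev(values) or 1.0)  # avoid dividing by zero
        for k in QUALITATIVE:
            self.usual[k] = {s[k] for s in sessions}

    def deviations(self, session):
        """Return the components on which this session departs from the profile."""
        out = [k for k, (mu, sigma) in self.baseline.items()
               if abs(session[k] - mu) / sigma > self.threshold]
        return out + [k for k, seen in self.usual.items() if session[k] not in seen]

    def observe(self, session):
        """Move the user between risk classes; a non-empty list is the reason for an enquiry."""
        devs = self.deviations(session)
        step = 1 if devs else -1    # assumed rule: one class up per deviating session, one down otherwise
        self.risk = min(max(self.risk + step, 0), len(RISK_CLASSES) - 1)
        return RISK_CLASSES[self.risk], devs

# Constructed learning-period sessions for one user (not data from the paper).
LEARNING = [
    {"cpu_seconds": c, "failed_logins": f, "hour_band": "day", "workstation": "ws-07"}
    for c, f in [(10, 0), (12, 1), (11, 0), (9, 0), (13, 1)]
]

if __name__ == "__main__":
    user = UserProfile()
    user.learn(LEARNING)
    odd = {"cpu_seconds": 40, "failed_logins": 6, "hour_band": "night", "workstation": "ws-22"}
    print(user.observe(LEARNING[1]))
    print(user.observe(odd))
```

The list returned alongside the class names which components deviated, which is what an analyst handling the enquiry would look at first.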
How to Cite
AKOKA, J., BRIOLAT, D., & COMYN-WATTIAU, I. (1998). La Sécurité des Réseaux: une approche de détection de malveillances. Systèmes d’Information Et Management (French Journal of Management Information Systems), 3(2), 23–42. Retrieved from https://revuesim.org/index.php/sim/article/view/43
Section
Empirical Research Article
License
The author bears the responsibility for checking whether material submitted is subject to copyright or ownership rights (e.g. figures, tables, photographs, illustrations, trade literature and data). The author will need to obtain permission to reproduce any such items, and include these permissions with their final submission.
It is our policy to ask all contributors to transfer for free the copyright in their contribution to the journal owner. There are two broad reasons for this:
- ownership of copyright by the journal owner facilitates international protection against infringement of copyright, libel or plagiarism;
- it also ensures that requests by third parties to reprint or reproduce a contribution, or part of it, in either print or electronic form, are handled efficiently in accordance with our general policy which encourages dissemination of knowledge within the framework of copyright.
In conformity with the French law, the author keeps the 'moral rights' related to the article:
- The 'authorship right': It is the author's right to have his name associated with each publication and exploitation of the article.
- The 'integrity right': It can be claimed by the author if he finds that during an exploitation, his work has been distorted (cutting, reassembly...).

