Self-similarity in World Wide Web traffic: evidence and possible causes
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Network intrusion and fault detection: a statistical anomaly approach
IEEE Communications Magazine
A workload characterization study of the 1998 World Cup Web site
IEEE Network: The Magazine of Global Internetworking
A note on skew-normal distribution approximation to the negative binomal distribution
ASMCSS'09 Proceedings of the 3rd International Conference on Applied Mathematics, Simulation, Modelling, Circuits, Systems and Signals
A note on skew-normal distribution approximation to the negative binomal distribution
WSEAS Transactions on Mathematics
| Hi-index | 0.00 |
As distributed network intrusion detection systems expand to integrate hundreds and possibly thousands of sensors, managing and presenting the associated sensor data becomes an increasingly complex task. Methods of intelligent data reduction are needed to make sense of the wide dimensional variations. We present a new signal primitive we call conversation exchange dynamics (CED) that accentuates anomalies in traffic flow. This signal provides an aggregated primitive that may be used by intrusion detection systems to base detection strategies upon. Indications of the signal in a variety of simulated and actual anomalous network traffic from distributed sensor collections are presented. Specifically, attacks from the MIT Lawrence Livermore IDS data set are considered. We conclude that CED presents a useful signal primitive for assistance in conducting IDS.