Using behavior knowledge space and temporal information for detecting intrusions in computer networks

Authors:
L. P. Cordella;I. Finizio;C. Mazzariello;C. Sansone
Affiliations:
Dipartimento di Informatica e Sistemistica, Università di Napoli “Federico II”, Napoli, Italy;Dipartimento di Informatica e Sistemistica, Università di Napoli “Federico II”, Napoli, Italy;Dipartimento di Informatica e Sistemistica, Università di Napoli “Federico II”, Napoli, Italy;Dipartimento di Informatica e Sistemistica, Università di Napoli “Federico II”, Napoli, Italy
Venue:
ICAPR'05 Proceedings of the Third international conference on Pattern Recognition and Image Analysis - Volume Part II
Year:
2005

Citing 15
Cited 0

A Method of Combining Multiple Experts for the Recognition of Unconstrained Handwritten Numerals

IEEE Transactions on Pattern Analysis and Machine Intelligence
Intrusion detection with neural networks

NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
A simple, fast, and effective rule learner

AAAI '99/IAAI '99 Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
NetSTAT: a network-based intrusion detection system

Journal of Computer Security
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Difficulties in simulating the internet

IEEE/ACM Transactions on Networking (TON)
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
A machine learning approach to detecting attacks by identifying anomalies in network traffic

A machine learning approach to detecting attacks by identifying anomalies in network traffic
Novelty detection: a review—part 2: neural network based approaches

Signal Processing
A study in using neural networks for anomaly and misuse detection

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A modular multiple classifier system for the detection of intrusions in computer networks

MCS'03 Proceedings of the 4th international conference on Multiple classifier systems
Training a neural-network based intrusion detector to recognize novel attacks

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern Recognition (PR) techniques have proven their ability for detecting malicious activities within network traffic. Systems based on multiple classifiers can further enforce detection capabilities by combining and correlating the results obtained by different sources. An aspect often disregarded in PR approaches dealing with the intrusion detection problem is the use of temporal information. Indeed, an attack is typically carried out along a set of consecutive network packets; therefore, a PR system could improve its reliability by examining sequences of network connections before expressing a decision. In this paper we present a system that uses a multiple classifier approach together with temporal information about the network packets to be classified. In order to improve classification reliability, we introduce the concept of rejection: instead of emitting an unreliable verdict, an ambiguously classified packet can be logged for further analysis. The proposed system has been tested on a wide database made up of real network traffic traces.