Intrusion Detection: Current Capabilities and Future Directions
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection
IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
Markov Chains, Classifiers, and Intrusion Detection
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2
Many network attacks abuse network protocols, and several new attacks violate the protocol standards. Kumar Das first presented the concept of protocol anomaly detection. The idea is not new, but it is interesting: it sets up models for the proper use of protocols, and any behavior that departs from the models is regarded as intrusive or suspicious. In this paper, we make improvements that address the shortcomings of stochastic protocol models based on Markov chains, and we evaluate the model presented by Juan M. Some necessary states are added to the protocol model, and the initial and transition probabilities are made more precise. We also propose combining the chi-square distance with the Markov chain method to detect protocol anomalies. The experimental results show that the SYN flooding attack can be detected efficiently by the new approach.
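The general idea in the abstract, a Markov chain over protocol states scored with a chi-square distance, shown as an added example that is not code from the paper. The state set, the additive smoothing, the per-transition normalisation and the constructed sample sessions are all assumptions; the paper's own model and scoring may differ.

```python
from collections import Counter

# Per-packet TCP flag symbols plus START/END pseudo-states (assumed state set).
STATES = ["START", "SYN", "SYN-ACK", "ACK", "PSH-ACK", "FIN-ACK", "RST", "END"]

def transitions(sessions):
    """Count state-to-state transitions over per-connection flag sequences."""
    counts = Counter()
    for flags in sessions:
        path = ["START", *flags, "END"]
        counts.update(zip(path, path[1:]))
    return counts

def train(sessions, alpha=0.5):
    """Estimate P(next | current); the START row holds the initial probabilities.
    Additive smoothing (alpha) keeps every expected count non-zero."""
    counts, targets, model = transitions(sessions), STATES[1:], {}
    for a in STATES[:-1]:
        row_total = sum(counts[(a, b)] for b in targets) + alpha * len(targets)
        for b in targets:
            model[(a, b)] = (counts[(a, b)] + alpha) / row_total
    return model

def chi_square_distance(model, sessions):
    """Chi-square distance between observed and model-expected transition
    counts in a window, divided by the number of observed transitions."""
    observed = transitions(sessions)
    leaving = Counter()
    for (a, _), n in observed.items():
        leaving[a] += n
    chi2 = 0.0
    for (a, b), p in model.items():
        expected = leaving[a] * p
        if expected > 0:
            chi2 += (observed[(a, b)] - expected) ** 2 / expected
    total = sum(observed.values())
    return chi2 / total if total else 0.0

# Constructed sample data: server-side view of TCP connections.
FULL = ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "ACK", "FIN-ACK", "ACK"]
HALF_OPEN = ["SYN", "SYN-ACK"]  # handshake never completed
TRAINING = [FULL] * 40 + [FULL[:4] + FULL[3:]] * 20 + [FULL[:3] + ["RST"]] * 3 + [HALF_OPEN] * 2
NORMAL_WINDOW = [FULL] * 18 + [HALF_OPEN] * 2
FLOOD_WINDOW = [HALF_OPEN] * 18 + [FULL] * 2  # SYN-flood-like: mostly half-open

if __name__ == "__main__":
    model = train(TRAINING)
    for name, window in (("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW)):
        print(f"{name}: distance = {chi_square_distance(model, window):.3f}")
```

The flood-like window scores far higher because the SYN-ACK to END transition, rare in training, dominates the observed counts; an alerting threshold between the two scores would have to be tuned on real traffic.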