A new network anomaly detection technique based on per-flow and per-service statistics

Authors:
Yuji Waizumi;Daisuke Kudo;Nei Kato;Yoshiaki Nemoto
Affiliations:
Graduate School of Information Sciences(GSIS), Tohoku University, Sendai, Miyagi, Japan;DAI NIPPON PRINTING CO., LTD., Tokyo, Japan;Graduate School of Information Sciences(GSIS), Tohoku University, Sendai, Miyagi, Japan;Graduate School of Information Sciences(GSIS), Tohoku University, Sendai, Miyagi, Japan
Venue:
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Year:
2005

Citing 4
Cited 0

Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Network traffic anomaly detection based on packet bytes

Proceedings of the 2003 ACM symposium on Applied computing
Synthesizing fast intrusion prevention/detection systems from high-level specifications

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the present network security management, improvements in the performances of Intrusion Detection Systems(IDSs) are strongly desired. In this paper, we propose a network anomaly detection technique which can learn a state of network traffic based on per-flow and per-service statistics. These statistics consist of service request frequency, characteristics of a flow and code histogram of payloads. In this technique, we achieve an effective definition of the network state by observing the network traffic according to service. Moreover, we conduct a set of experiments to evaluate the performance of the proposed scheme and compare with those of other techniques.