A covariance matrix based approach to internet anomaly detection

Authors:
Shuyuan Jin;Daniel So Yeung;Xizhao Wang;Eric C. C. Tsang
Affiliations:
Department of Computing, HongKong Polytechnic University, HongKong;Department of Computing, HongKong Polytechnic University, HongKong;School of Mathematics and Computer Science, Hebei University, Baoding, China;Department of Computing, HongKong Polytechnic University, HongKong
Venue:
ICMLC'05 Proceedings of the 4th international conference on Advances in Machine Learning and Cybernetics
Year:
2005

Citing 5
Cited 0

A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection

IEEE Transactions on Computers
A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)

A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)
Recursive estimation of the covariance matrix of acompound-Gaussian process and its application to adaptive CFAR detection

IEEE Transactions on Signal Processing
Network intrusion and fault detection: a statistical anomaly approach

IEEE Communications Magazine

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detecting multiple network attacks is essential to intrusion detection, network security defense and network traffic management. This paper presents a covariance matrix based detection approach to detecting multiple known and unknown network anomalies. It utilizes the difference of covariance matrices among observed samples in the detection. A threshold matrix is employed in the detection where each entry of the matrix evaluates the covariance changes of the corresponding features. As case studies, extensive experiments are conducted to detect multiple DoS attacks – the prevalent Internet anomalies. The experimental results indicate that the proposed approach achieves high detection rates in detecting multiple known and unknown anomalies.