Detecting multiple network attacks is essential to intrusion detection, network security defense and network traffic management. This paper presents a covariance-matrix-based approach to detecting multiple known and unknown network anomalies. Detection relies on the differences between the covariance matrices of observed samples. A threshold matrix is employed, in which each entry evaluates the covariance changes of the corresponding features. As case studies, extensive experiments are conducted to detect multiple DoS attacks, the prevalent Internet anomalies. The experimental results indicate that the proposed approach achieves high detection rates for multiple known and unknown anomalies.