SPAD: a session pattern anomaly detector for pre-alerting intrusions in home network

Authors:
Soo-Jin Park;Young-Shin Park;Yong-Rak Choi;Sukhoon Kang
Affiliations:
Department of Computer Engineering, Daejeon University, Daejeon, Korea;Department of Computer Engineering, Daejeon University, Daejeon, Korea;Department of Computer Engineering, Daejeon University, Daejeon, Korea;Department of Computer Engineering, Daejeon University, Daejeon, Korea
Venue:
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part IV
Year:
2006

Citing 1
Cited 0

Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

In order to prevent the intrusion in network-based information systems effectively, it is necessary to detect the early sign in advance of intrusion. This sort of pre-alerting approach may be classified as an active prevention, since detecting the various forms of hackers' intrusion trials to know the vulnerability of systems is not missed and early cross-checked. The existing network-based anomaly detection algorithms that cope with port-scanning and the network vulnerability scans have some weakness in slow scans and coordinated scans. Therefore, a new concept of pre-alerting algorithm is especially attractive to detect effectively the various forms of abnormal accesses for the trial of intrusion regardless of the intrusion methods. In this paper, we propose a session pattern anomaly detector (SPAD) which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.