In this work we investigate a new approach for detecting attacks that aim to degrade the network's Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. Most contemporary NIDSs take a passive approach, solely monitoring the network's production traffic. This paper explores a complementary approach in which distributed agents actively send out periodic probes, and the probe measurements are continuously monitored to detect anomalous behavior of the network. The proposed approach removes much of the variability of the network's production traffic that makes such traffic so difficult to classify, which enables the NIDS to detect more subtle attacks that would go undetected using the passive approach alone. Furthermore, the active probing approach allows the NIDS to be trained effectively using only examples of the network's normal states, hence enabling effective detection of zero-day attacks. Using realistic experiments, we show that an NIDS that also leverages the active approach is considerably more effective at detecting attacks that aim to degrade the network's QoS than an NIDS that relies solely on the passive approach.
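The following is an added illustration of the active-probing idea described above; it is not the paper's code and does not reproduce the authors' detector or experiments. It assumes a hypothetical setup in which agent pairs probe two paths ("A->B" and "A->C"), summarize each window of probes into three features (mean RTT, RTT jitter, loss rate), and fit a per-path one-class profile on normal windows only, so no attack examples are needed. The probe measurements are constructed with a seeded random generator; the attack is a modest 4 ms latency increase with extra jitter and loss, which is within per-probe noise but stands out in the window-level statistics.

```python
"""Added example (not from the paper): one-class anomaly detection over
periodic probe measurements, one profile per probed path.

All probe data is constructed with a seeded RNG; path names, baseline RTTs
and the attack parameters are assumptions for illustration only.
"""
import random
import statistics


def window_features(rtts_ms, lost):
    """Summarize one window of probes: (mean RTT, RTT jitter, loss rate)."""
    sent = len(rtts_ms) + lost
    if len(rtts_ms) < 2:
        # (Nearly) every probe was lost: report maximal degradation instead of
        # letting pstdev() fail on an empty or single-element list.
        return (float("inf"), float("inf"), lost / sent)
    return (statistics.fmean(rtts_ms), statistics.pstdev(rtts_ms), lost / sent)


class OneClassProfile:
    """Per-feature z-score model fitted on normal windows only (no attack data)."""

    def __init__(self, threshold=5.0):
        # Fixed threshold for the demo; in practice calibrate it on held-out
        # normal windows to the false-positive rate you can tolerate.
        self.threshold = threshold
        self.mu = None
        self.sigma = None

    def fit(self, normal_rows):
        cols = list(zip(*normal_rows))
        self.mu = [statistics.fmean(c) for c in cols]
        # Floor sigma so a feature that never varied during training cannot
        # cause a division by zero.
        self.sigma = [max(statistics.pstdev(c), 1e-3) for c in cols]

    def score(self, row):
        # Largest absolute deviation from the normal profile, in sigmas.
        return max(abs(x - m) / s for x, m, s in zip(row, self.mu, self.sigma))

    def is_anomalous(self, row):
        return self.score(row) > self.threshold


def probe_window(rng, n_probes=50, rtt_ms=20.0, jitter_ms=2.0, loss_p=0.02):
    """Simulate one window of periodic probes on a path (constructed data)."""
    rtts, lost = [], 0
    for _ in range(n_probes):
        if rng.random() < loss_p:
            lost += 1
        else:
            rtts.append(max(0.1, rng.gauss(rtt_ms, jitter_ms)))
    return rtts, lost


def run_demo(seed=7, n_train=100, n_test=20):
    """Train on normal probe windows, then count flagged windows per path.

    Returns {path: number of test windows flagged}; only "A->B" is attacked.
    """
    rng = random.Random(seed)
    baseline_rtt = {"A->B": 20.0, "A->C": 35.0}  # assumed per-path baselines

    # Training phase: the agents only ever see the network's normal state.
    models = {}
    for path, rtt in baseline_rtt.items():
        models[path] = OneClassProfile(threshold=5.0)
        models[path].fit(
            [window_features(*probe_window(rng, rtt_ms=rtt)) for _ in range(n_train)]
        )

    # Test phase: A->C stays normal; A->B suffers a QoS-degrading attack that
    # adds 4 ms of latency, more jitter and a few percent loss.
    flagged = {}
    for path, rtt in baseline_rtt.items():
        if path == "A->B":
            params = dict(rtt_ms=rtt + 4.0, jitter_ms=3.0, loss_p=0.05)
        else:
            params = dict(rtt_ms=rtt)
        flagged[path] = sum(
            models[path].is_anomalous(window_features(*probe_window(rng, **params)))
            for _ in range(n_test)
        )
    return flagged


if __name__ == "__main__":
    print(run_demo())
```

Each path gets its own profile because baselines differ per path; the attacked path is flagged in every test window while the untouched path stays quiet. A 4 ms shift is only about two per-probe jitter sigmas, so individual probes look ordinary, but the mean over a 50-probe window has a far smaller spread, which is why a window-level profile separates it cleanly.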