Communications of the ACM
Principles of a computer immune system
NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Implementing a Generalized Tool for Network Monitoring
LISA '97 Proceedings of the 11th Conference on Systems Administration
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Architecture for an Artificial Immune System
Evolutionary Computation
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
An empirical analysis of NATE: Network Analysis of Anomalous Traffic Events
Proceedings of the 2002 workshop on New security paradigms
An evaluation technique for network intrusion detection systems
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Behavior-based modeling and its application to Email analysis
ACM Transactions on Internet Technology (TOIT)
Attack profiles to derive data observations, features, and characteristics of cyber attacks
Information-Knowledge-Systems Management
A comparative evaluation of two algorithms for Windows Registry Anomaly Detection
Journal of Computer Security
Detecting Denial-of-Service attacks using the wavelet transform
Computer Communications
A generic language for application-specific flow sampling
ACM SIGCOMM Computer Communication Review
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An architecture of unknown attack detection system against zero-day worm
ACS'08 Proceedings of the 8th conference on Applied computer science
Payload modeling for network intrusion detection systems
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
An efficient SVM-Based method to detect malicious attacks for web servers
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Anomaly detection in computer security and an application to file system accesses
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
A new approach to network intrusion detection is needed to solve the monitoring problems of high-volume network data and the time constraints for Intrusion Detection System (IDS) management. Most current network IDSs have not been specifically designed for high-speed traffic or low maintenance. We propose a solution to these problems, which we call NATE, Network Analysis of Anomalous Traffic Events. Our approach features minimal network traffic measurement, an anomaly-based detection method, and a limited attack scope. NATE is similar to other lightweight approaches in its simplified design, but our approach, being anomaly-based, should be more efficient in both operation and maintenance than other lightweight approaches. We present the method and perform an empirical test using MIT Lincoln Lab's data.