Statistical Traffic Modeling for Network Intrusion Detection

Authors:
João B. D. Cabrera;B. Ravichandran;Raman K. Mehra
Affiliations:
-;-;-
Venue:
MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Year:
2000

Citing 0
Cited 26

Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
Proactive Intrusion Detection and Distributed Denial of Service Attacks—A Case Study in Security Management

Journal of Network and Systems Management
Detection and classification of intrusions and faults using sequences of system calls

ACM SIGMOD Record
Architecture of Generalized Network Service Anomaly and Fault Thresholds

MMNS '01 Proceedings of the 4th IFIP/IEEE International Conference on Management of Multimedia Networks and Services: Management of Multimedia on the Internet
Measuring normality in HTTP traffic for anomaly-based intrusion detection

Computer Networks: The International Journal of Computer and Telecommunications Networking
Computer security and intrusion detection

Crossroads
Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

Computer Networks and ISDN Systems
Factor-analysis based anomaly detection and clustering

Decision Support Systems
Authentication anomaly detection: a case study on a virtual private network

Proceedings of the 3rd annual ACM workshop on Mining network data
A hybrid machine learning approach to network anomaly detection

Information Sciences: an International Journal
Ensemble methods for anomaly detection and distributed intrusion detection in Mobile Ad-Hoc Networks

Information Fusion
A NetFlow based flow analysis and monitoring system in enterprise networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
Approximate autoregressive modeling for network attack detection

Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Approximate autoregressive modeling for network attack detection

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

Computer Networks: The International Journal of Computer and Telecommunications Networking
A linear genetic programming approach to intrusion detection

GECCO'03 Proceedings of the 2003 international conference on Genetic and evolutionary computation: PartII
An attack classification mechanism based on multiple support vector machines

ICCSA'07 Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II
Real-time detection of traffic anomalies in wireless mesh networks

Wireless Networks
Sampling distance analysis of gigantic data mining for intrusion detection systems

CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
A novel architecture for detecting and defending against flooding-based DDoS attacks

CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
SVM approach with a genetic algorithm for network intrusion detection

ISCIS'05 Proceedings of the 20th international conference on Computer and Information Sciences
Automatic location detection system for anomaly traffic on wired/wireless networks

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
Network intrusion detection using wavelet analysis

CIT'04 Proceedings of the 7th international conference on Intelligent Information Technology
Intrusion detection based on MLP neural networks and k-means algorithm

ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
Anomaly detection methods in wired networks: a survey and taxonomy

Computer Communications
IP v6 secure tunneling mechanism

Proceedings of the CUBE International Information Technology Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper examines the application of Statistical Traffic Modeling for detecting novel attacks against computer networks. We discuss the application of Network Activity Models and Application Models using the 1998 DARPA Intrusion Detection Evaluation dataset. Network Activity Models monitor the volume of traffic in the network, while Application Models describe the operation of application protocols. By plotting the ROC (Receiver Operating Characteristic) curves induced by the traffic activity, we quantify the effectiveness of Network Activity Models in discriminating normal connections from attack connections generated by Denial-of-Service and Probing attacks. It is verified that Denial-of-Service and Probing attacks leave traces on simple Network Activity Models, with rates of false alarm which are comparable to the false alarm rates obtained by the participants of the 1998 DARPA Evaluation, in which much more complex detection schemes were utilized. For Application Models, we use the Kolmogorov-Smirnov Test to show that attacks using telnet connections in the DARPA dataset form a population, which is statistically different from the normal telnet connections. The statistics used in our study are the number of bytes from the responder, and the byte ratio responder-originator. Again, our results are comparable to those obtained in the DARPA Evaluation.