This paper examines the application of Statistical Traffic Modeling for detecting novel attacks against computer networks. We discuss the application of Network Activity Models and Application Models using the 1998 DARPA Intrusion Detection Evaluation dataset. Network Activity Models monitor the volume of traffic in the network, while Application Models describe the operation of application protocols. By plotting the ROC (Receiver Operating Characteristic) curves induced by the traffic activity, we quantify the effectiveness of Network Activity Models in discriminating normal connections from attack connections generated by Denial-of-Service and Probing attacks. We verify that Denial-of-Service and Probing attacks leave traces on simple Network Activity Models, with false alarm rates comparable to those obtained by the participants of the 1998 DARPA Evaluation, in which much more complex detection schemes were utilized. For Application Models, we use the Kolmogorov-Smirnov Test to show that attacks using telnet connections in the DARPA dataset form a population that is statistically different from the normal telnet connections. The statistics used in our study are the number of bytes from the responder and the responder-originator byte ratio. Again, our results are comparable to those obtained in the DARPA Evaluation.
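The Application Model comparison described above can be sketched as a two-sample Kolmogorov-Smirnov test on the two statistics the abstract names. This is an added example, not code from the paper: the connection records are constructed (not taken from the DARPA dataset), the function names are hypothetical, and the byte ratio is assumed to be responder bytes divided by originator bytes.

```python
from bisect import bisect_right
from math import exp, sqrt

# Constructed (originator_bytes, responder_bytes) pairs for telnet connections.
NORMAL = [(120, 2400), (95, 1800), (200, 5200), (150, 3100), (80, 1500),
          (310, 7400), (60, 900), (180, 4000), (130, 2600), (240, 6100)]
ATTACK = [(40, 300), (55, 420), (35, 250), (60, 1000), (45, 380),
          (50, 350), (70, 1600), (38, 280), (42, 330), (65, 500)]


def ks_two_sample(x, y):
    """Two-sample Kolmogorov-Smirnov test: returns (D, asymptotic p-value)."""
    x, y = sorted(x), sorted(y)
    # D is the largest vertical gap between the two empirical CDFs.
    d = max(abs(bisect_right(x, v) / len(x) - bisect_right(y, v) / len(y))
            for v in x + y)
    ne = len(x) * len(y) / (len(x) + len(y))        # effective sample size
    # Stephens' small-sample correction to the asymptotic Kolmogorov law.
    lam = (sqrt(ne) + 0.12 + 0.11 / sqrt(ne)) * d
    if lam < 0.3:   # the series does not converge near 0; p is ~1 there
        return d, 1.0
    p = 2 * sum((-1) ** (k - 1) * exp(-2 * k * k * lam * lam)
                for k in range(1, 101))
    return d, min(max(p, 0.0), 1.0)


def telnet_statistics(conns):
    """Per-connection statistics: responder bytes and responder/originator ratio."""
    return {
        "responder_bytes": [r for _, r in conns],
        # Skip connections where the originator sent nothing (ratio undefined).
        "byte_ratio": [r / o for o, r in conns if o > 0],
    }


def compare(normal, attack):
    """KS test per statistic; a small p-value means the populations differ."""
    n, a = telnet_statistics(normal), telnet_statistics(attack)
    return {name: ks_two_sample(n[name], a[name]) for name in n}


if __name__ == "__main__":
    for name, (d, p) in compare(NORMAL, ATTACK).items():
        print(f"{name}: D={d:.2f} p={p:.4f}")
```

With only ten connections per class the asymptotic p-value is approximate; on a real trace the same test would be run per service over many more connections.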