Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach
Proceedings of the 2001 workshop on New security paradigms
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Statistical Method for Profiling Network Traffic
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Challenging the anomaly detection paradigm: a provocative discussion
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Detecting Denial-of-Service attacks using the wavelet transform
Computer Communications
An evaluation of connection characteristics for separating network attacks
International Journal of Security and Networks
Random effects logistic regression model for anomaly detection
Expert Systems with Applications: An International Journal
Finding peer-to-peer file-sharing using coarse network behaviors
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
This paper presents results of an empirical analysis of NATE (Network Analysis of Anomalous Traffic Events), a lightweight, anomaly-based intrusion detection tool. Previous work was based on the simulated Lincoln Labs data set. Here, we show that NATE can operate under the constraints of real data inconsistencies. In addition, new TCP sampling and distance methods are presented. Differences between real and simulated data are discussed in the course of the analysis.