The global Internet has made computer systems worldwide vulnerable to an ever-changing array of attacks. This paper presents a new approach to real-time, network-based anomaly intrusion detection. Real-time Tcptrace periodically reports statistics on all open TCP/IP connections in the network, and the resulting data streams are analysed to detect network-based attacks. Using the Abnormality Factor method, statistical profiles are then built for the normal behavior of the network services, and abnormal activity is flagged as an intrusion. The advantage of this approach is that it can monitor any service without requiring prior knowledge to model its behavior. The paper presents interesting results and an evaluation of the approach through experiments using the MIT Lincoln Lab evaluation data.