Real-time network-based anomaly intrusion detection

  • Authors: Ravindra Balupari, Brett Tjaden, Shawn Ostermann, Marina Bykova, Aaron Mitchell

  • Affiliation (all authors): School of Electrical Engineering and Computer Science, Ohio University, Athens, OH

  • Venue: Real-time system security
  • Year: 2003

Abstract

The global internet has made computer systems worldwide vulnerable to an ever-changing array of attacks. This paper presents a new approach to real-time network-based anomaly intrusion detection. Real-time Tcptrace generates data streams that are analysed to detect network-based attacks: it periodically reports statistics on all open TCP/IP connections in the network. Using the Abnormality Factor method, statistical profiles are then built for the normal behavior of the network services, and activity that deviates from those profiles is flagged as an intrusion. This approach has the advantage of being able to monitor any service without prior knowledge of how to model its behavior. The paper presents results and an evaluation of the approach from experiments using the MIT Lincoln Lab evaluation data.