Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Learning nonstationary models of normal network traffic for detecting novel attacks
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Measuring normality in HTTP traffic for anomaly-based intrusion detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Information sharing for distributed intrusion detection systems
Journal of Network and Computer Applications
Anomaly detection and diagnosis in grid environments
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
ULISSE, a network intrusion detection system
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Self-learning System for Detection of Anomalous SIP Messages
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Anomaly Detection of Hostile Traffic Based on Network Traffic Distributions
Information Networking. Towards Ubiquitous Networking and Services
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks
IWSOS '08 Proceedings of the 3rd International Workshop on Self-Organizing Systems
Internet traffic behavior profiling for network security monitoring
IEEE/ACM Transactions on Networking (TON)
A hybrid intrusion detection system design for computer network security
Computers and Electrical Engineering
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Active learning for network intrusion detection
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
An efficient network intrusion detection
Computer Communications
Comparing anomaly detection techniques for HTTP
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Alert verification evasion through server response forging
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
PAID: packet analysis for anomaly intrusion detection
PAKDD'08 Proceedings of the 12th Pacific-Asia conference on Advances in knowledge discovery and data mining
Classification of audio and video traffic over HTTP protocol
ISCIT'09 Proceedings of the 9th international conference on Communications and information technologies
Baseline traffic modeling for anomalous traffic detection on network transit points
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Monitoring abnormal traffic flows based on independent component analysis
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems
ACM SIGCOMM Computer Communication Review
KIDS: keyed intrusion detection system
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
What is the impact of p2p traffic on anomaly detection?
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A queue model to detect DDos attacks
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
A two-tier system for web attack detection using linear discriminant method
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Learning web application firewall - benefits and caveats
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
ICCCI'11 Proceedings of the Third international conference on Computational collective intelligence: technologies and applications - Volume Part I
High-speed intrusion detection in support of critical infrastructure protection
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Clustering and classification based anomaly detection
FSKD'06 Proceedings of the Third international conference on Fuzzy Systems and Knowledge Discovery
Polymorphic code detection with GA optimized markov models
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Detecting unknown network attacks using language models
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
A new network anomaly detection technique based on per-flow and per-service statistics
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Applying genetic programming to evolve learned rules for network anomaly detection
ICNC'05 Proceedings of the First international conference on Advances in Natural Computation - Volume Part III
Enhanced network traffic anomaly detector
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Revisiting traffic anomaly detection using software defined networking
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
Collaborative anomaly-based attack detection
IWSOS'07 Proceedings of the Second international conference on Self-Organizing Systems
A novel approach to visualize web anomaly attacks in pervasive computing environment
The Journal of Supercomputing
Fake View Analytics in Online Video Services
Proceedings of Network and Operating System Support on Digital Audio and Video Workshop
Hostile network traffic is often "different" from benign traffic in ways that can be distinguished without knowing the nature of the attack. We describe a two-stage anomaly detection system for identifying suspicious traffic. First, we filter traffic to pass only the packets of most interest, e.g. the first few packets of incoming server requests. Second, we model the most common protocols (IP, TCP, telnet, FTP, SMTP, HTTP) at the packet byte level to flag events (byte values) that have not been observed for a long time. This simple system detects 132 of 185 attacks in the 1999 DARPA IDS evaluation data set [5] with 100 false alarms, after training on one week of attack-free traffic.
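The following is an added illustration of the two-stage design the abstract describes; it is not the paper's code. Stage 1 keeps only inbound, payload-bearing packets to modelled server ports, and only the first packet(s) of each connection. Stage 2 keeps, per protocol and byte offset, which byte values have occurred and when each was last seen, and scores a packet by how long its byte values have gone unobserved. The port-to-protocol table, the 48-byte window, the `first_n` cut-off, the 10.0.0.0/8 "inside" network, the PHAD-style `t*n/r` weighting and all packets are assumptions constructed for the example, not details taken from the paper.

```python
"""Two-stage, byte-level traffic anomaly detector in the spirit of the abstract.
Added example, not the paper's implementation; the filter rules, 48-byte window,
t*n/r score and all sample packets are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass

MODELED_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http"}  # assumption
MAX_BYTES = 48  # assumption: only the first 48 payload bytes are modelled


@dataclass(frozen=True)
class Packet:
    idx: int        # monotonically increasing packet counter, stands in for time
    src: str
    dst: str
    dport: int
    conn: str       # connection identifier (in practice the TCP 4-tuple)
    payload: bytes


def stage1_filter(packets, inside_prefix="10.", first_n=1):
    """Stage 1: keep inbound packets to modelled server ports, and only the
    first `first_n` payload-bearing packets of each connection."""
    seen = defaultdict(int)
    for p in packets:
        inbound = p.dst.startswith(inside_prefix) and not p.src.startswith(inside_prefix)
        if not inbound or p.dport not in MODELED_PORTS or not p.payload:
            continue
        seen[p.conn] += 1
        if seen[p.conn] <= first_n:
            yield p


class ByteModel:
    """Stage 2: per (protocol, byte offset) remember the number of observations,
    the byte values that occurred, and the observation at which each was last seen."""

    def __init__(self):
        self.n = defaultdict(int)       # (proto, off) -> observations at this offset
        self.last = defaultdict(dict)   # (proto, off) -> {byte value: observation no.}

    def train(self, p):
        proto = MODELED_PORTS[p.dport]
        for off, v in enumerate(p.payload[:MAX_BYTES]):
            key = (proto, off)
            self.n[key] += 1
            self.last[key][v] = self.n[key]

    def score(self, p):
        """Sum over offsets of t * n / r, where t = observations since this byte value
        was last seen (never seen: all of them), n = observations at the offset and
        r = distinct values seen there. Assumption: PHAD-style weighting, a
        simplification rather than the paper's exact score."""
        proto = MODELED_PORTS[p.dport]
        total = 0.0
        for off, v in enumerate(p.payload[:MAX_BYTES]):
            key = (proto, off)
            if key not in self.n:
                continue  # offset never observed in training: nothing to compare against
            n, r = self.n[key], len(self.last[key])
            t = n - self.last[key].get(v, 0)
            total += t * n / r
        return total


def detect(model, packets, threshold):
    """Run both stages; return (idx, score) for filtered packets scoring above threshold."""
    flagged = []
    for p in stage1_filter(packets):
        s = model.score(p)
        if s > threshold:
            flagged.append((p.idx, s))
    return flagged


# Constructed sample traffic (not real captures); 10.0.0.0/8 is the protected network.
TRAINING_PACKETS = [
    Packet(1, "192.0.2.10", "10.0.0.5", 80, "c1", b"GET /index.html HTTP/1.0\r\n"),
    Packet(2, "10.0.0.5", "192.0.2.10", 40001, "c1", b"HTTP/1.0 200 OK\r\n"),     # outbound: dropped
    Packet(3, "192.0.2.11", "10.0.0.5", 80, "c2", b"GET /images/a.gif HTTP/1.0\r\n"),
    Packet(4, "192.0.2.12", "10.0.0.5", 23, "c3", b"\xff\xfd\x18"),               # telnet negotiation
    Packet(5, "192.0.2.13", "10.0.0.5", 80, "c4", b"GET /about.html HTTP/1.1\r\n"),
    Packet(6, "192.0.2.13", "10.0.0.5", 80, "c4", b"Host: www.example.com\r\n"),  # 2nd packet of c4: dropped
    Packet(7, "192.0.2.14", "10.0.0.5", 8080, "c5", b"GET / HTTP/1.0\r\n"),       # unmodelled port: dropped
]
TEST_PACKETS = [
    Packet(100, "203.0.113.7", "10.0.0.5", 80, "t1", b"GET /index.html HTTP/1.0\r\n"),
    Packet(101, "203.0.113.8", "10.0.0.5", 80, "t2", b"GET /" + b"\x90" * 20 + b" HTTP/1.0\r\n"),
]


def train_model(packets=TRAINING_PACKETS):
    model = ByteModel()
    for p in stage1_filter(packets):
        model.train(p)
    return model


if __name__ == "__main__":
    m = train_model()
    for p in TEST_PACKETS:
        print(p.idx, m.score(p))
    print("flagged:", detect(m, TEST_PACKETS, threshold=50))
```

With the constructed traffic, the benign repeat of a seen request scores 12.5 while the request carrying twenty 0x90 bytes scores 90.5, so a threshold of 50 flags only the latter. The score is dominated by offsets where a never-seen value appears at a position that showed little variety in training, which is the intuition behind modelling individual byte values. The example freezes the model after training; the paper's models are nonstationary and keep updating while detecting, which this simplification leaves out.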