This paper presents a model for real-time network monitoring and anomaly detection that provides a holistic view of network conversation exchanges. We argue that monitoring and anomaly detection are necessary mechanisms for ensuring secure and dependable network computing infrastructure. The model for network traffic exchange is based on a modified Ehrenfest urn model. The motivation for the model is heavily influenced by the success of statistical physics to provide macrostate descriptions of physical systems when the exact microstate parameters of each element in the system precludes understanding from first principles. The conversation exchange dynamics model for real-time network monitoring and anomaly detection is formally described. The model induces a unique real-time visualization capability for network monitoring and detection of anomalous events. An implementation of the model and visualization capability is presented along with laboratory tests and successful detection of real world events, including a Code Red worm attack.