A NETWORK-BASED ANOMALY DETECTION SYSTEM USING MULTIPLE NETWORK FEATURES

Yuji Waizumi, Yohei Sato, Yoshiaki Nemoto

Abstract

Accuracy of anomaly-based intrusion detection greatly depends on features, the numerical values representing characteristics of network traffic. In order to increase accuracy, it is necessary to choose appropriate features that can correctly detect anomalous events. In this paper, we stress the fact that a specific kind of anomaly changes specific features. We propose a highly accurate and robust intrusion detection system using multiple features. Each feature is used for evaluating anomalous events independently by a statistical detection method. Through experiments, we investigate the accuracy of the proposed scheme.



Paper Citation


in Harvard Style

Waizumi Y., Sato Y. and Nemoto Y. (2007). A NETWORK-BASED ANOMALY DETECTION SYSTEM USING MULTIPLE NETWORK FEATURES. In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 410-413. DOI: 10.5220/0001279304100413


in Bibtex Style

@conference{webist07,
author={Yuji Waizumi and Yohei Sato and Yoshiaki Nemoto},
title={A NETWORK-BASED ANOMALY DETECTION SYSTEM USING MULTIPLE NETWORK FEATURES},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2007},
pages={410-413},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001279304100413},
isbn={978-972-8865-77-1},
}

