DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS

Paola Baldassarri, Anna Montesanto, Paolo Puliti

Abstract

The main idea of the present work is to create a system able to detect intrusions in computer networks. For this purpose we propose a novel intrusion detection system (IDS) based on an anomaly approach. We analyzed the network traffic from (outbound traffic) and towards (inbound traffic) a victim host through another host. We also built an architecture consisting of two subsystems: a statistical subsystem and a neural-network-based subsystem. The first processes chosen features extracted from the network traffic and allows determining whether an attack is occurring through a preliminary visual inspection. The neural subsystem receives as input the output of the statistical subsystem and has to indicate the status of the monitored host. It classifies the network traffic, distinguishing background traffic from anomalous traffic. Moreover, the system has to be able to classify different instances of the same attack in the same class, distinguishing different types of attack in a completely autonomous way.



Paper Citation


in Harvard Style

Baldassarri P., Montesanto A. and Puliti P. (2007). DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 74-79. DOI: 10.5220/0002123500740079


in Bibtex Style

@conference{secrypt07,
author={Paola Baldassarri and Anna Montesanto and Paolo Puliti},
title={DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={74-79},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002123500740079},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - DETECTING ANOMALOUS TRAFFIC USING STATISTICAL PROCESSING AND SELF-ORGANIZING MAPS
SN - 978-989-8111-12-8
AU - Baldassarri P.
AU - Montesanto A.
AU - Puliti P.
PY - 2007
SP - 74
EP - 79
DO - 10.5220/0002123500740079