A New Network Anomaly Detection Technique Based on Per-Flow and Per-Service Statistics

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)


Abstract

In current network security management, improvements in the performance of Intrusion Detection Systems (IDSs) are strongly desired. In this paper, we propose a network anomaly detection technique that learns the state of network traffic from per-flow and per-service statistics. These statistics consist of service request frequency, flow characteristics, and a code histogram of payloads. By observing network traffic separately for each service, the technique achieves an effective definition of the network state. We also conduct a set of experiments to evaluate the performance of the proposed scheme and compare it with that of other techniques.


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Waizumi, Y., Kudo, D., Kato, N., Nemoto, Y. (2005). A New Network Anomaly Detection Technique Based on Per-Flow and Per-Service Statistics. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_37


  • DOI: https://doi.org/10.1007/11596981_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
