Statistical Anomaly Detection on Real e-Mail Traffic

Authors: Maurizio Aiello, Davide Chiarella, Gianluca Papaleo

DOI: 10.1007/978-3-540-88181-0_22

Keywords: Anomaly (natural sciences); OSI model; Layer (object-oriented design); Set (abstract data type); Engineering; Data mining; Anomaly detection; Intrusion detection system; Server; Field (computer science)

Abstract: There are many recent studies and proposals in anomaly detection techniques, especially in worm and virus detection. In this field it matters to answer a few important questions, such as at which ISO/OSI layer the data analysis is done and which approach is used. Furthermore, these works suffer from a scarcity of real data, due to a lack of network resources or to privacy problems: almost every work in the sector uses synthetic (e.g. DARPA) or pre-made data sets. Our study is based on seven quantities (the number of e-mails sent in a chosen period): we analyzed our traffic quantitatively (4 SMTP servers, 10 class C networks) and applied the method to the gathered data to detect indirect infection (worms use e-mail to spread the infection). We set a threshold and, in the dataset, identified various activities. In this document we show our results in order to stimulate new approaches and debates in intrusion detection techniques.
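The abstract describes counting e-mails sent per host over a chosen period and flagging a host when its count crosses a threshold. The following is an added example, not the authors' code or data: it reads constructed SMTP log lines in an assumed Postfix-like shape, buckets them per (client, period), builds a per-host baseline and raises an alert when a period's count exceeds it. The threshold rule (leave-one-out mean plus k standard deviations, with an absolute floor so that quiet hosts with zero variance do not alert on a single extra message) and the 60-minute period are illustrative choices, not the paper's.

```python
"""Per-host e-mail-count anomaly detector (added example, not the paper's code).

One of the paper's quantities is the number of e-mails a host sends in a
chosen period. This script counts messages per (client, period) from SMTP
log lines, builds a per-host baseline and flags periods whose count exceeds
the baseline by a margin. The log format and the threshold rule
(mean + k*stdev, with an absolute floor) are assumptions for illustration.
"""
from collections import Counter
from datetime import datetime, timedelta
import re
import statistics

EPOCH = datetime(1970, 1, 1)

# Assumed log shape, loosely Postfix-like: "<iso-ts> client=<ip> from=<addr> to=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"client=(?P<client>\d+\.\d+\.\d+\.\d+) from=(?P<from>\S+) to=(?P<to>\S+)$"
)


def parse_line(line):
    """Return (timestamp, client_ip) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    return ts, m.group("client")


def period_index(ts, period_minutes):
    """Integer bucket number for ts; naive datetime arithmetic, independent of local timezone."""
    return int((ts - EPOCH).total_seconds() // (period_minutes * 60))


def period_start(index, period_minutes):
    """Inverse of period_index: the datetime at which bucket `index` begins."""
    return EPOCH + timedelta(minutes=index * period_minutes)


def bucket_counts(lines, period_minutes=60):
    """Messages sent per (client, period); malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client = parsed
        counts[(client, period_index(ts, period_minutes))] += 1
    return counts


def detect(lines, period_minutes=60, k=3.0, min_count=10):
    """Flag (client, period, count, threshold) where count > max(mean + k*stdev, min_count).

    The baseline for each period is leave-one-out over the client's other periods,
    so a burst does not inflate its own threshold. Periods with no traffic count as 0.
    """
    counts = bucket_counts(lines, period_minutes)
    periods = sorted({p for _, p in counts})
    alerts = []
    for client in sorted({c for c, _ in counts}):
        values = [counts.get((client, p), 0) for p in periods]
        for i, p in enumerate(periods):
            others = values[:i] + values[i + 1:]
            if len(others) < 2:
                continue  # not enough history for a baseline
            mu = statistics.mean(others)
            sigma = statistics.pstdev(others)
            threshold = max(mu + k * sigma, min_count)
            if values[i] > threshold:
                alerts.append((client, p, values[i], round(threshold, 1)))
    return alerts


def make_sample_log():
    """Constructed data: two hosts at 2 and 3 msg/hour over 12 hours; 192.0.2.10 bursts to 60 in hour 8."""
    base = datetime(2008, 3, 1)
    lines = []
    for hour in range(12):
        for host, rate in (("192.0.2.10", 2), ("192.0.2.20", 3)):
            n = 60 if (host == "192.0.2.10" and hour == 8) else rate
            for j in range(n):
                ts = base + timedelta(hours=hour, seconds=j * (3600 // n))
                lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} client={host} "
                             f"from=user@example.org to=r{j}@example.net")
    lines.append("garbage line that should be skipped")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for client, p, n, thr in detect(make_sample_log()):
        print(f"{client} {period_start(p, 60):%Y-%m-%d %H:%M} sent {n} messages (threshold {thr})")
```

On the constructed log only the burst hour of 192.0.2.10 is flagged; the same host's quiet hours are not, because the leave-one-out baseline for those hours includes the burst and so sets a high threshold, and the steady host 192.0.2.20 never crosses the absolute floor. Raising `min_count` or `k` trades missed slow-spreading worms for fewer false alerts, which is the tuning question the abstract's threshold choice implies.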
