Anomaly Detections in Internet traffic Using Empirical Measures

Authors: R. Meena, S. Gopalakrishnan, A. S. Syed Navaz

Keywords: Data mining, Network element, Anomaly (natural sciences), Computer science, Internet traffic, Anomaly detection

Abstract: We introduce an Internet traffic anomaly detection mechanism based on large deviations results for empirical measures. Using past traces, we characterize the network during various time-of-day intervals, assuming that it is anomaly-free. Throughout, we compare the two approaches, presenting their advantages and disadvantages, to identify and classify temporal anomalies. We also demonstrate how our framework can be used to monitor from multiple elements in order both spatial validate techniques by analyzing real with time-stamped
