A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
作者: Ayesha Binte Ashfaq , Maria Joseph Robert , Asma Mumtaz , Muhammad Qasim Ali , Ali Sajjad
DOI: 10.1007/978-3-540-87403-4_19
关键词:
摘要: Since the seminal 1998/1999 DARPA evaluations of intrusion detection systems, network attacks have evolved considerably. In particular, after CodeRed worm 2001, volume and sophistication self-propagating malicious code threats been increasing at an alarming rate. Many anomaly detectors proposed, especially in past few years, to combat these new emerging attacks. At this time, it is important evaluate existing determine learn from their strengths shortcomings. paper, we performance eight prominent network-based under portscan These ADSs are evaluated on four criteria: accuracy (ROC curves), scalability (with respect varying normal attack traffic rates, deployment points), complexity (CPU memory requirements during training classification,) delay. criteria using two independently collected datasets with complementary strengths. Our results show that a provide high one datasets, but unable scale across datasets. Based our experiments, identify promising guidelines improve future detectors.
springer.com
sci-hub.st 参考文章(47)
Debra Anderson, Thane Frivold, Alfonso Valdes, Next-generation Intrusion Detection Expert System (NIDES)A Summary ,(1997)
Levent Ertöz, Aleksandar Lazarevic, Vipin Kumar, Jaideep Srivastava, Aysel Ozgur, A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. siam international conference on data mining. pp. 25- 36 ,(2003)
Philip K. Chan, Matthew V. Mahoney, PHAD: packet header anomaly detection for identifying hostile network traffic ,(2001)
Peter Mell, Vincent Hu, Richard Lippmann, Josh Haines, Marc Zissman, An Overview of Issues in Testing Intrusion Detection Systems NIST Interagency/Internal Report (NISTIR) - 7007. ,(2003) , 10.6028/NIST.IR.7007
Greg Shipley, Patrick Mueller, Cover story: dragon claws its way to the top Network Computing archive. ,vol. 12, pp. 45- 67 ,(2001)
John McHugh, The 1998 Lincoln Laboratory IDS Evaluation recent advances in intrusion detection. pp. 145- 161 ,(2000) , 10.1007/3-540-39945-3_10
Timothy N. Newsham, Thomas H. Ptacek, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection ,(1998)
Gregory R. Ganger, Stanley M. Bielski, Gregg Economou, Self-Securing Network Interfaces: What, Why and How? ,(2002)
Stuart E. Schechter, Jaeyeon Jung, Arthur W. Berger, Fast Detection of Scanning Worm Infections recent advances in intrusion detection. pp. 59- 81 ,(2004) , 10.1007/978-3-540-30143-1_4
Stefan Axelsson, Intrusion Detection Systems: A Survey and Taxonomy ,(2002)