Boundary detection in tokenizing network application payload for anomaly detection

Authors: Philip K. Chan, Rachna Vargiya

DOI:

Keywords:

Abstract: Most current anomaly detection methods for network traffic rely on the packet header for studying traffic behavior. We believe that significant information lies in the payload, and hence it is important to model the payload as well. Since many protocols exist and new ones are frequently introduced, parsing the payload based on the protocol specification is time-consuming. Instead of relying on the specification, we propose four different characteristics of streams of bytes, which can help us develop algorithms to break the payload into tokens. We feed the tokens extracted from the payload into an anomaly detection algorithm. Our empirical results indicate that our techniques can extract tokens that improve the detection rate.
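The abstract describes tokenizing payload bytes from their own statistics rather than from a protocol grammar, then scoring the token stream. The example below is an added illustration, not the paper's code, and the page does not list the paper's four characteristics; it uses one such characteristic, boundary entropy (the unpredictability of the next byte given the preceding bytes, in the spirit of the Cohen et al. segmentation work cited below), to place token boundaries, and a deliberately simple unseen-token fraction as a stand-in for the anomaly detector. The HTTP-like training requests, the recombined benign request, the traversal-style attack request, the context length of 2 bytes and the 1.5-bit threshold are all constructed assumptions for this example.

```python
"""Protocol-agnostic payload tokenization by boundary entropy, feeding a
token-level anomaly score.  Added example, not the paper's code; the
sample requests below are constructed for illustration."""
import math
from collections import Counter, defaultdict

# Constructed "normal" traffic: HTTP-like request payloads for a hypothetical
# server.  The tokenizer never sees an HTTP grammar, only these bytes.
TRAIN_PAYLOADS = [
    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    b"GET /images/logo.gif HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    b"GET /about.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: Lynx/2.8\r\n\r\n",
    b"GET /news.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: Lynx/2.8\r\n\r\n",
    b"POST /cgi-bin/form.cgi HTTP/1.0\r\nHost: www.example.com\r\nContent-Length: 10\r\n\r\nname=alice",
]
# Constructed held-out inputs: a benign request that recombines fields seen in
# training, and a directory-traversal style request the training set never showed.
NORMAL_TEST = b"GET /about.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
ATTACK_TEST = (b"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"
               b"Host: www.example.com\r\n\r\n")


def _entropy_bits(counts):
    """Shannon entropy (bits) of a successor-byte distribution."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


class BoundaryEntropyTokenizer:
    """Places a token boundary before byte i when the next-byte distribution,
    conditioned on the preceding `context` bytes, is hard to predict (entropy
    >= theta bits).  Predictable continuations stay inside a token.  A context
    never seen in training backs off to shorter contexts, down to the
    unconditional byte distribution, so novel byte sequences fragment."""

    def __init__(self, context=2, theta=1.5):
        self.k = context
        self.theta = theta
        self.next_counts = defaultdict(Counter)  # context bytes -> Counter(next byte)

    def fit(self, payloads):
        for p in payloads:
            for i in range(1, len(p)):
                for j in range(min(self.k, i) + 1):  # record orders 0..k
                    self.next_counts[p[i - j:i]][p[i]] += 1
        return self

    def boundary_entropy(self, p, i):
        for j in range(min(self.k, i), -1, -1):  # longest seen context first
            counts = self.next_counts.get(p[i - j:i])
            if counts:
                return _entropy_bits(counts)
        return 0.0  # only reachable before fit()

    def tokenize(self, p):
        if not p:
            return []
        tokens, start = [], 0
        for i in range(1, len(p)):
            if self.boundary_entropy(p, i) >= self.theta:
                tokens.append(p[start:i])
                start = i
        tokens.append(p[start:])
        return tokens


class UnseenTokenDetector:
    """Stand-in anomaly scorer: the fraction of a payload's tokens that never
    occurred in the training traffic (0.0 = all familiar, 1.0 = all novel)."""

    def __init__(self, tokenizer):
        self.tokenizer = tokenizer
        self.vocab = Counter()

    def fit(self, payloads):
        for p in payloads:
            self.vocab.update(self.tokenizer.tokenize(p))
        return self

    def score(self, payload):
        tokens = self.tokenizer.tokenize(payload)
        if not tokens:
            return 0.0
        return sum(1 for t in tokens if t not in self.vocab) / len(tokens)


def build_detector(payloads=TRAIN_PAYLOADS, context=2, theta=1.5):
    """Fit the tokenizer and the token-vocabulary scorer on the same normal traffic."""
    tok = BoundaryEntropyTokenizer(context, theta).fit(payloads)
    return UnseenTokenDetector(tok).fit(payloads)


if __name__ == "__main__":
    det = build_detector()
    for t in det.tokenizer.tokenize(TRAIN_PAYLOADS[0]):
        print(t)
    print("normal score:", det.score(NORMAL_TEST))
    print("attack score:", det.score(ATTACK_TEST))
```

On this corpus the learned boundaries fall exactly at the points where the next byte is genuinely uncertain: after the request method and slash, after the `: ` that ends a header name, and after each `\r\n`, so the first training request comes out as `GET /`, `index.html HTTP/1.0\r\n`, `Host: `, `www.example.com\r\n`, `User-Agent: `, `Mozilla/4.0\r\n`, `\r\n` with no HTTP knowledge encoded anywhere. The recombined benign request scores 0.0 because every token it produces was seen, while the traversal request fragments into dozens of never-seen tokens and scores above 0.5. Two caveats a practitioner should keep in mind: the threshold and context length are corpus-dependent knobs, and a pure vocabulary-membership score will flag any unseen path on a training set this small, which is why the paper feeds the tokens into an anomaly detection algorithm rather than stopping at set membership.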

References (10)
Yihua Liao, V. Rao Vemuri. Using Text Categorization Techniques for Intrusion Detection. USENIX Security Symposium, pp. 51-59, 2002.
Paul Cohen, Brent Heeringa, Niall M. Adams. An Unsupervised Algorithm for Segmenting Categorical Timeseries into Episodes. Lecture Notes in Computer Science, pp. 49-62, 2002. DOI: 10.1007/3-540-45728-3_5
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji. Intrusion Detection Using Sequences of System Calls. Journal of Computer Security, vol. 6, pp. 151-180, 1998. DOI: 10.3233/JCS-980109
Richard Lippmann, Joshua W. Haines, David J. Fried, Jonathan Korba, Kumar Das. The 1999 DARPA Off-Line Intrusion Detection Evaluation. Computer Networks, vol. 34, pp. 579-595, 2000. DOI: 10.1016/S1389-1286(00)00139-0
C. G. Nevill-Manning, I. H. Witten. Identifying Hierarchical Structure in Sequences: A Linear-Time Algorithm. Journal of Artificial Intelligence Research, vol. 7, pp. 67-82, 1997. DOI: 10.1613/JAIR.374
C. C. Michael. Finding the Vocabulary of Program Behavior Data for Anomaly Detection. DARPA Information Survivability Conference and Exposition (DISCEX), vol. 1, pp. 152-163, 2003. DOI: 10.1109/DISCEX.2003.1194881
A. Valdes. Detecting Novel Scans Through Pattern Anomaly Detection. DARPA Information Survivability Conference and Exposition (DISCEX), vol. 1, pp. 140-151, 2003. DOI: 10.1109/DISCEX.2003.1194880
Andreas Wespi, Marc Dacier, Hervé Debar. Intrusion Detection Using Variable-Length Audit Trail Patterns. Recent Advances in Intrusion Detection (RAID), pp. 110-129, 2000. DOI: 10.1007/3-540-39945-3_8
Susan Dumais, John Platt, David Heckerman, Mehran Sahami. Inductive Learning Algorithms and Representations for Text Categorization. Conference on Information and Knowledge Management (CIKM), pp. 148-155, 1998. DOI: 10.1145/288627.288651
Philip K. Chan, Matthew V. Mahoney. Learning Models of Network Traffic for Detecting Novel Attacks. 2002.