An application of information theory to intrusion detection

Proceedings - Fourth IEEE International Workshop on Information Assurance, IWIA 2006

Volumn 2006, Issue , 2006, Pages 119-134

  Eiland, E Earl ^a   Liebrock, Lorie M ^a  

^a NEW MEXICO INSTITUTE OF MINING AND TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL METHODS; COMPUTER CRIME; DATA COMPRESSION; INTERNET; SECURITY OF DATA; TELECOMMUNICATION TRAFFIC;

COMPRESSION TESTS; INTERNET TRAFFIC; INTRUSION DETECTION;

INFORMATION THEORY;

EID: 33750956035     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIA.2006.3     Document Type: Conference Paper

References (39)

1. V. Barnett and T. Lewis. Outliers in Statistical Data. Wiley Series in Probability and Mathematical Statistics. John Wiley & Sons, Chinchester, West Sussex, England, third edition, 2000.
2. C. H. Bennett, P. G'acs, M. Li, P. M. B. Vitanyi, and W. H. Zuerk. Information distance. IEEE Transactions on Information Theory, 44(4): 1407-1423, 1998.
3. W. Bergmans. Maximum compression. http://www.maximumcompression.com, October 27, 2005. Eindhoven, Netherlands.
4. P. Bogaerts. Hping tutorial. http://www.radarhack.com/dir/papers/ hping2_v1.5.pdfl, November 26, 2005.
5. S. F. Bush and S. C. Evans. Information assurance design and assessment. Final report, General Electric Research and Development Center, August 2001.
6. G. Casela and R. L. Berger. Statistical Inference. Duxbury Press, Pacific Grove, Cal., second edition, 2001.
7. B. Cashell, W. D. Jackson, M. Jickling, and B. Webel. The economic impact of cyber-attacks. CRS Report for Congress RL32331, Congressional Research Service The Library of Congress, April 2004.
8. S. Chebrolu, A. Abraham, and J. P. Thomas. Feature deduction and ensemble design of intrusion detection systems. Computers & Security, 24:295-307, June 2005.
9. T. M. Cover and J. A. Thomas. Elements of Information Theory. Wiley Series in Telecommunications. John Wiley and Sons, Inc., New York, 1991.
10. D. Curry. Intrusion detection systems. http://www.cerias.purdue.edu/ about/history/coast_resources/idcontent/ids.html, February 2, 2006. the Center for Education and Research in Information Assurance (CERIAS), Purdue University, West Lafayette, Indiana.
11. D. E. Denning. Information Warfare and Security. Addison-Wesley, 2001.
12. S. C. Evans. Kolmogorov Complexity Estimation and Application for Information System Security. PhD thesis, Rensselaer Polytechnic Institute, July 2003.
13. S. C. Evans and B. Barnett. Network security though conservation of complexity. In Proceedings of MILCOM, The Disneyland Resort, Anaheim, California, October 2003.
14. S. C. Evans, S. F. Bush, and J. Hershey. Information assurance through kolmogorov complexity. In Proceedings of DARPA Information Survivability Conference and Exposition II, pages 322-331, Anaheim, California, June 2001.
15. S. C. Evans and J. Hershey. A two-stage complexity estimator. Technical Information Series 2002GRC197, General Electric Research and Development Center, August 200.
16. fyodor. Port scanning techniques. http://www.insecure.org/nmap/man/man- port-scanning-techniques.html, November 26, 2005.
17. J. Gilchrist. Archive compression test. http://www.compression.ca/act, August 30, 2005. the Carleton University, 1125 Colonel By Drive, Ottowa, Ontario, K1S5B6, Canada.
18. S. Goel and S. F. Bush. Kolmogorov complexity estimates for detection of viruses in biologically inspired security systems: A comparison with traditional approaches. Complexity, 9(2):54-73, 2003.
19. E. Jonckheere, K. Shah, and S. Bohacek. Dynamic modeling of internet traffic for intrusion detection. In Proceedings of IEEE American Controls Conference, Anchorage, Alaska, July 2001.
20. A. K. Jones and R. Sielken. Computer system intrusion detection: A survey. Technical report, University of Virgina, 2000.
21. E. Jonsson and T. Olovsson. A quantitative model of the security intrusion process based on attacker bahavior. IEEE Transactions on Software Engineering, 23:235-245, 1997.
22. JWS. Tcpdump public repository. http://www.tcpdump.org/, August 30, 2005.
23. W. Kirchherr, M. Li, and P. Vitanyi. The miraculous universal distribution. The Mathematical Intelligencer, 19(4):7-15, 1997.
24. A. N. Kolmogorov. Three approaches to the quantitative definition of information. Problems of Information Transmission, 1:4-7, 1965.
25. A. N. Kolmogorov. Logical basis for information theory and probability theory. IEEE Transactions on Information Theory, IT-14:662-664, 1968.
26. V. Kreinovich, S. F. Luc Longpre, and L. Ginzburg. Why is selecting the simplest hypothesis (consistent with data) a good idea? a simple explanation. Bulletin of the European Association for Theoretical Computer Science (EATCS), 77:191-794, 2002.
27. A. Kulkarni, S. F. Bush, and S. C. Evans. Detecting distributed denial of service attacks using kolmogorov complexity. Technical Information Series 2001crd176, General Electric Research and Development Center, December 2001.
28. A. Lazarevic, L. Ertoz, A. Ozgur, J. Srivastava, and V. Kumar. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of Third SIAM Conference on Data Mining, San Francisco, California, May 2003.
29. W. Lee and D. Xiang. Information-theoretic measures for anomaly detection. In Proceedings of IEEE Symposium on Security & Privacy, 2001.
30. P. Mahalanobis. On the generalized distance in statistics. Proceedings of the National Institute of Scienceof India, 2:49-55, 1936.
31. M. Mahoney. The paq data compression programs. http://www.cs.fit.edu/ mmahoney/compression/, October 27, 2005. the Florida Institute of Technology, 150 W. University Blvd. Melbourne, FL 32901, USA.
32. M. V. Mahoney. A Machine Learning Approach to Detecting Attacks by Identifying Anomalies in Network traffic. PhD thesis, Florida Institute of Technology, May 2003.
33. A. Matrawy, P. van Oorschot, and A. Somayaji. Mitigating network denial of service through diversity-based traffic management. In Proceedings of Applied Cryptography and Network Security: Third International Conference (ACNS 2005), number LNCS 3531, pages 104-121, New York, New York, June 7-10 2005. Springer.
34. M. Nelson. Benchmarks. http://www.data-compression.info/Benchmarks.shtml, October 27, 2005. the Visicron Corp., 3 Bethesda Metro Center, Suite #700, Bethesda, Maryland, 20814, USA.
35. R. W. Potter. The Art of Measurement Theory and Practice. Hewlett-Packard Professional Books. Prentice Hall PTR, Upper SaddleRiver, New Jersey, 2000.
36. M. Powell. Canterbury corpus. http://www.corpus.canterbury.ac.nz, October 27, 2005. the Department of Computer Science and Software Engineering, University of Canterbury, Christchurch, New Zealand.
37. R. L. Schaeffer. Introduction to Probability and Its Applications. Duxbury Press, Belmont, California, second edition, 1995.
38. A. H. Sung and S. Mukkamala. Identifying important features for intrusion detection using support vector machines and neural networks. In Proceedings of International Symposium on Applications and the Internet (SAINT 2003), volume 17, page 209, 2003.
39. K. Wang and S. J. Stolfo. Anomalous payload-based network intrusion detection. In Proceedings of RAID'04, Sophia Antipolis, French Riviera, France, September 15-17 2004.