An evaluation of connection characteristics for separating network attacks

International Journal of Security and Networks

Volumn 4, Issue 1-2, 2009, Pages 110-124

  Berthier, Robin ^a   Cukier, Michel ^a  

^a UNIVERSITY OF MARYLAND   (United States)

Author keywords

Attack characteristics; Data mining; Honeypot; Statistical analysis

Indexed keywords

DATA MINING; EFFICIENCY; NETWORK SECURITY; STATISTICAL METHODS; STATISTICAL TESTS;

ATTACK CHARACTERISTICS; DIFFERENT ATTACKS; HONEYPOTS; MALICIOUS TRAFFIC; NETWORK ATTACK; TCP PORTS; TIME BASED;

SEPARATION;

EID: 61849085156     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2009.023430     Document Type: Article

References (36)

1. Arce, I. and Levy, E. (2003) 'An analysis of the Slapper worm', Security and Privacy Magazine, IEEE, Vol. 1, pp.82-87.
2. Bailey, M., Cooke, E., Watson, D., Jahanian, F. and Provos, N. (2004) A Hybrid Honeypot Architecture for Scalable Network Monitoring, Department of Electrical Engineering, University of Michigan, Technical Report CSE-TR, pp.499-504.
3. Dokas, P., Ertoz, L., Kumar, V., Lazarevic, A., Srivastava, J. and Tan, P. (2002) 'Data mining for network intrusion detection', Proceedings of NSF Workshop on Next Generation Data Mining, Baltimore.
4. Duda, R. and Hart, P. (1973) Pattern Classification and Scene Analysis, Wiley, New York.
5. Eskin, E., Arnold, A., Prerau, M., Portnoy, L. and Stolfo, S. (2002) 'A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data', Applications of Data Mining in Computer Security, Kluwer.
6. Gomez, J., Gonzalez, F. and Dasgupta, D. (2003) 'An immuno-fuzzy approach to anomaly detection', The 12th IEEE International Conference on Fuzzy Systems, Vol. 2, pp.1219-1224.
7. Guan, Y., Ghorbani, A. and Belacel, N. (2003) 'Y-means: A clustering method for intrusion detection', Proceeding of IEEE Canadian Conference on Electrical and Computer Engineering, Montreal, Canada, Vol. 2, pp.1083-1086.
8. Hertel, C. (2003) Implementing Cifs: The Common Internet File System Prentice-Hall, PTR.
9. Honeyd (2006) World Wide Web, http://www.honeyd.org
10. IDSeval (1998) World Wide Web, http://www.ll.mit.edu/mission/ communications/ist/corpora/ideval/docs/index.html
11. Jiang, X. and Xu, D. (2005) Behavioral Footprinting: A New Dimension to Characterize Self-Propagating Worms, Department of Computer Science, Purdue University, Technical Report CSD TR, pp.5-27.
12. KDDcup (1999) World Wide Web, http://kdd.ics.uci.edu/databases/ kddcup99/kddcup99.html
13. Kreibich, C. and Crowcroft, J. (2004) 'Honeycomb: Creating intrusion detection signatures using honeypots', ACM SIGCOMM Computer Communication Review, Vol. 34, pp.51-56.
14. Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S. and Zhang, J. (2001) 'Real time data mining-based intrusion detection', Proceedings of DISCEX II, Anaheim, CA, USA, Vol. 1, pp.89-100.
15. Lu, W. and Traore, I. (2005) 'A new unsupervised anomaly detection framework for detecting network attacks in real-time', Lecture Notes in Computer Science, Vol. 3810, p.96.
16. MacQueen, J. (1967) 'Some methods for classification and analysis of multivariate observations', Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Berkeley, CA, USA, Vol. 1, pp.281-297.
17. Mai, Y., Upadrashta, R. and Su, X. (2004) 'J-Honeypot: A java-based network deception tool with monitoring and intrusion detection', Proceedings of International Conference on Information Technology: Coding and Computing, Las Vegas, NV, USA, Vol. 1, pp.804-808.
18. McHugh, J. (2000) 'Testing intrusion detection systems: A critique of the 1998 and 1999 darpa off-line intrusion detection system evaluation as performed by Lincoln laboratory', ACM Transactions on Information and System Security, Vol. 3, No. 4, pp.262-294.
19. NetworkComputing (2006) World Wide Web, http://www.network computing.com/alertcon/
20. Norton, (2006) World Wide Web, http://www.norton.com
21. Panjwani, S., Tan, S., Jarrin, K. and Cukier, M. (2005) 'An experimental evaluation to determine if port scans are precursors to an attack', Proceedings of International Conference on Dependable Systems and Networks, Yokohama, Japan, pp.602-611.
22. Petrovic, S., Alvarez, G., Orfila, A. and Carbo, J. (2006) 'Labelling clusters in an intrusion detection system using a combination of clustering evaluation techniques', Proceedings of the 39th Annual Hawaii International Conference on System Sciences, Hawaii, USA, Vol. 6, p.129.2.
23. Portnoy, L., Eskin, E. and Stolfo, S. (2001) 'Intrusion detection with unlabeled data using clustering', Proceedings of ACM CSS Workshop on Data Mining Applied to Security, Philadelphia, PA, USA, pp.76-105.
24. Pouget, F. and Dacier, M. (2004) 'Honeypot-based forensics', Asia Pacific Information Technology Security Conference, Brisbane, Australia.
25. SANS (2006) World Wide Web, http://www.sans.org
26. SANS:sUrvival (2006) World Wide Web, http://isc.sans.org/ survivaltime.html
27. Tang, Y., Hu, H., Lu, X. and Wang, J. (2006) 'HonIDS: Enhancing honeypot system with intrusion detection models', Proceedings of the Fourth IEEE International Workshop on Information Assurance, Royal Holloway, UK, p.9.
28. Taylor, C. and Alves-Foss, J. (2002) 'An empirical analysis of NATE: network analysis of anomalous traffic events', Proceedings of the 2002 Workshop on New Security Paradigms, Virginia Beach, VA, USA, pp.18-26.
29. Tber, R. (2005) A Practical Comparison of Low and High Interactivity Honeypots, Master Thesis, Eurecom Institute, University of Nice Sophia-Antipolis and Information Security Institute, Queensland University of Technology.
30. Thakar, U., Varma, S. and Ramani, A. (2005) 'HoneyAnalyzer - analysis and extraction of intrusion detection patterns & signatures using honeypot', Proceedings of the Second International Conference on Innovations in Information Technology, Dubai, UAE.
31. Wang, K. and Stolfo, S. (2004) 'Anomalous payload-based network intrusion detection', Proceedings of the Seventh International Symposium on Recent Advance in Intrusion Detection, Sophia Antipolis, France, pp.203-222.
32. Weka (2006) World Wide Web, http://www.cs.waikato.ac.nz/ml/weka
33. Wireshark (2005) World Wide Web, http://www.wireshark.org
34. Witten, I. and Frank, E. (1999) Data Mining: Practical Machine Learning Tools and Techniques with Java Implementations, Morgan Kaufmann Publishers, San Fancisco, CA, USA.
35. Yin, C., Li, M., Ma, J. and Sun, J. (2004) 'Honeypot and scan detection in intrusion detection system', Canadian Conference on Electrical and Computer Engineering, Vol. 2, Niagara Falls, Ontario, Canada, pp.1107-1110.
36. Zhong, S., Khoshgoftaar, T. and Nath, S. (2005) 'A clustering approach to wireless network intrusion detection', 17th IEEE International Conference on Tools with Artificial Intelligence, Honk Kong, China, pp.190-196.