Detecting novel scans through pattern anomaly detection

Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003

Volumn 1, Issue , 2003, Pages 140-151

  Valdes, A ^a  

^a SRI INTERNATIONAL   (United States)

Author keywords

Contracts; Distribution functions; Government; Intrusion detection; Libraries; Subcontracting; Telecommunication traffic; Trademarks; Traffic control; Training data

Indexed keywords

CONTRACTS; DISTRIBUTION FUNCTIONS; HYBRID SYSTEMS; INTRUSION DETECTION; LIBRARIES; TELECOMMUNICATION TRAFFIC; TRADEMARKS; TRAFFIC CONTROL; TRANSMISSION CONTROL PROTOCOL;

ANOMALY DETECTION; ANOMALY DETECTION METHODS; CATEGORICAL FEATURES; COMPETITIVE LEARNING; GOVERNMENT; LEARNED PATTERNS; SUBCONTRACTING; TRAINING DATA;

PATTERN RECOGNITION;

EID: 70449658940     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DISCEX.2003.1194880     Document Type: Conference Paper

References (17)

1. Agrawal, R., Imielinski, T., and Swami, A. "Mining Association Rules Between Sets of Items in Large Databases," Proceedings of the 1993 ACM SIGMOD Conference.
2. Cheeseman, P. "Bayesian Classification (Autoclass): Theory and Results", in Fayyad, U., Piatesky-Shapiro, G., and Uthurusamy, R., eds., "Advances in Knowledge Discovery and Data Mining". AAAI Press/MIT Press, 1996.
3. Dempster, A P., Laird, N. M., and Rubin, D. B. "Maximum Likelihood from Incomplete Data Sets by the EM Algorithm", Journal of the Royal Statistical Society 39(1): pp. 1-38, 1977.
4. Forest, S., Hofmeyr, S., Somayaji, A., and Longstaff, T. "A Sense of Self for Unix Processes," proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, May 1996.
5. Eskin, E., Arnold, A., Portnoy, L., and Stolfo, S. "A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data", http://www.cs.columbia.edu/~eeskin/
6. Grossberg, S. (ed.) "Neural Networks and Natural Intelligence," MIT Press, 1988.
7. Javitz, H. and Valdes, A. "The SRI IDES Statistical Anomaly Detector," Proceedings of the IEEE Symposium in Security and Privacy, Oakland, CA, May 1991.
8. Lee, W., Stolfo, S., and Mok, K. "A Data Mining Framework for Building Intrusion Detection Models," 1999 IEEE Symposium on Security and Privacy.
9. Lippmann, Richard, et al. "Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation," Proceedings of DARPA Information Survivability Conference and Exposition, DISCEX'00, Jan 25-27, Hilton Head, SC, 2000, http://www.ll.mit.edu/IST/ideval/index.html
10. Maxion, R. and Tan, K. "Why 6? Defining the Operational Limits of STIDE, and Anomaly-Based Intrusion Detector," Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, May 2002.
11. McHugh, John, discussion at RAID 2001, Davis, CA, October 2001.
12. Rummelhart, D. and Zipser, D. "Feature Discovery by Competitive Learning," in Rummelhart, D. and McLelland, J., eds., "Parallel Distributed Processing," MIT Press, 1988
13. Silicon Defense. Statistical Portscan Intrusion Correlation Engine/Statistical Port Anomaly Detector. http://www.silicondefense.com/software/spice/index.htm
14. Tou, J. T., and Gonzalez, R. C. "Pattern Recognition Principles," Addison-Wesley, 1974.
15. Valdes, A. and Skinner, K. "Adaptive, Model-based Monitoring for Cyber Attack Detection," proceedings of "Recent Advances in Intrusion Detection (RAID 2000)," Toulouse, France, October 2000.
16. Warrender, C., Forest, S., and Pearlmutter, B. "Detecting Intrusions Using System Calls: Alternative Data Models," proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, May 1999.
17. Wespi, A., Dacier, M., and Debar, H. "Intrusion Detection Using Variable-Length Audit Trail Patterns," Proceedings of "Recent Advances in Intrusion Detection (RAID 2000)," Toulouse, France, October 2000.