Network anomaly detection through nonlinear analysis

Computers and Security

Volumn 29, Issue 7, 2010, Pages 737-755

  Palmieri, Francesco ^a   Fiore, Ugo ^a  

^a UNIVERSITY OF NAPLES FEDERICO II   (Italy)

Author keywords

Anomaly detection; Non stationarity; Nonlinear analysis; Recurrence quantification analysis; Support vector machines

Indexed keywords

ANOMALOUS BEHAVIOR; ANOMALY DETECTION; ATTACK MECHANISM; IP TRAFFIC FLOWS; NETWORK ANOMALIES; NETWORK ANOMALY DETECTION; NETWORK TRAFFIC; NETWORK-BASED; NON-STATIONARITIES; NONLINEAR TECHNIQUES; NONSTATIONARY; NORMAL BEHAVIOR; RECURRENCE QUANTIFICATION ANALYSIS; STATISTICAL PROPERTIES; STRUCTURAL PARTS; SYSTEM VULNERABILITY; THREATS AND ATTACKS; TIME CORRELATIONS; TRAFFIC ANOMALIES; TRAFFIC DYNAMICS; TRAFFIC PATTERN; TRAFFIC TIME SERIES; TRANSITION PATTERNS;

INTERNET PROTOCOLS; TIME SERIES; TIME SERIES ANALYSIS; TRAFFIC SURVEYS;

NONLINEAR ANALYSIS;

EID: 77956393826     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2010.05.002     Document Type: Article

References (60)

1. Anderson D, et al. Detecting unusual program behavior using the statistical component of the Next-generation Intrusion Detection Expert System (NIDES). Computer Science Laboratory SRI-CSL 95-06, 1995.
2. Brutlag J. Aberrant behavior detection in time series for network monitoring. USENIX fourteenth system administration conference LISA XIV, 2000.
3. D. Barbar, N. Wu, and S. Jajodia Detecting novel network intrusions using Bayes estimators First SIAM International Conference on Data Mining 2001
4. R.B. Blazek, H. Kim, B. Rozovskii, and A. Tartakovsky A novel approach to detection of denial-of-service attacks via adaptive sequential and batch-sequential change-point detection methods IEEE workshop information assurance and security 2001 220 226
5. C.M. Cheng, H.T. Kung, and K.S. Tan Use of spectral analysis in defence against DoS attacks IEEE GLOBECOM 2002 2143 2148
6. D. Chakraborty, A. Ashir, and T. Suganuma Self-similar and fractal nature of Internet traffic Int J Network Manage 14 2004 119 129
7. M. Casdagli, S. Eubank, J.D. Farmer, and J. Gibson State space reconstruction in the presence of noise Phys D 51 1991 52 98
8. C.C. Chang, and C.J. Lin LIBSVM-a library for support vector machines http://www.csie.ntu.edu.tw/∼cjlin/libsvm/ 2001
9. A. Dainotti, A. Pescape, and G. Ventre Wavelet-based detection of DoS attacks IEEE Global Telecommunications Conference 2006
10. J.P. Eckmann, and D. Ruelle Ergodic theory of chaos and strange attractors Rev Mod Phys 1985 617 656
11. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data Appl Data Mining Computer Security 2002
12. A.M. Fraser, and H.L. Swinney Independent coordinates for strange attractors from mutual information Phys Rev A 33 2 1986 1134 1140
13. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez Anomaly-based network intrusion detection: techniques, systems and challenges Computers Security 28 1-2 2009 18 28
14. P. Grassberger, and I. Procaccia Characterization of strange attractors Phys Rev Lett 50 5 1983
15. Y. Gu, A. McCallum, and D. Towsley Detecting anomalies in network traffic using maximum entropy estimation IMC Conference 2005
16. Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH. The WEKA data mining software: an update SIGKDD explorations. 11, 1; 2009.
17. R. Hegger, H. Kantz, and T. Schreiber Practical implementation of non linear time series method: TISEAN package Chaos 9 1999 413 435
18. K. Keys, D. Moore, R. Koga, E. Lagache, M. Tesch, and K. Claffy The architecture of the CoralReef: Internet Traffic monitoring software suite PAM Conference 2001
19. D.T. Kaplan, and L. Glass Direct test for determinism in a time series Phys Rev Lett 68 1992 427 430
20. H. Kantz A robust method to estimate the maximal Lyapunov exponent of a time series Phys Lett A 185 1994 77 87
21. M. Kennel, R. Brown, and H. Abarbanel Determing embedding dimension for phase space reconstruction using a geometrical construction Phys Rev A 45 1992 3403 3411
22. Lin HT, Lin CJ. A study on sigmoid kernels for SVM and the training of non-PSD kernels by SMO-type methods. Technical Report, Neural Computation. Department of Computer Science and Information Engineering, National Taiwan, Taipei, 2003.
23. K. Leung, and C. Leckie Unsupervised anomaly detection in network intrusion detection using clusters Proceedings of the 28th Australasian conference on computer science Vol. 38 2005 333-342
24. A. Lakhina, M. Crovella, and C. Diot Diagnosing network-wide traffic anomalies ACM SIGCOMM 2004
25. R. Lippmann, J. Haines, D. Fried, J. Korba, and K. Das Analysis and results of the 1999 DARPA off-line intrusion detection evaluation Computer Networks 34 4 2000 579 595
26. J. McHugh The 1998 Lincoln Laboratory IDS Evaluation (A Critique) Proceedings of the recent advances in intrusion detection 2000 145 161 Toulouse, France
27. Mahoney M, Chan PK. PHAD: packet header anomaly detection for identifying hostile network traffic. Florida Tech. technical report 2001-04, 2001.
28. Mahoney M, Chan PK. Learning models of network traffic for detecting novel attacks. Florida Tech. technical report 2002-08, 2002a.
29. M. Mahoney, and P.K. Chan Learning nonstationary models of normal network traffic for detecting novel attacks Edmonton, Alberta: Proceedings SIGKDD 2002 376 385
30. M. Mahoney Network traffic anomaly detection based on packet bytes Proceedings ACM-SAC 2003 346 350
31. M. Masugi, and T. Takuma Multi-fractal analysis of IP-network traffic for assessing time variations in scaling properties Phys D 225 2007 119 126
32. N. Marwan, M.C. Romano, M. Thiel, and J. Kurths Recurrence plots for the analysis of complex systems Phys Reports 438 2007 237 329
33. N. Marwan, and J. Kurths Nonlinear analysis of bivariate data with cross recurrence plots Phys Lett A 302 2002 299 307
34. J. Oldmeadow, S. Ravinutala, and C. Leckie Adaptive clustering for network intrusion detection Proceedings of the third international Pacific-Asia conference on knowledge discovery and data mining 2004
35. V. Paxson, and S. Floyd The failure of Poisson modeling IEEE/ACM Trans Networking 3 1995 226 244
36. N.H. Packard, J.P. Crutchfield, J.D. Farmer, and R.S. Shaw Geometry from a time series Phys Rev Lett 45 1980 712
37. M.B. Priestley Nonlinear and non-stationary time series 1988 Academic Press New York
38. A. Provenzale, L.A. Smith, R. Vio, and G. Murante Distinguishing between low-dimensional dynamics and randomness in measured time series Phys D 58 1992 31 49
39. D. Ruelle Deterministic chaos: the science and the fiction Proc R Soc Lond A 427 1990 241 248
40. RQA 10.1. http://homepages.luc.edu/∼cwebber.
41. V.A. Siris, and F. Papagalou Application of anomaly detection algorithms for detecting SYN flooding attacks IEEE GLOBECOM 2004 2050 2054
42. V.A. Siris, and F. Papagalou Application of anomaly detection algorithms for detecting SYN flooding attacks Global Telecommun Conf 29 3 2004 2050 2054
43. S.W. Shin, K.Y. Kim, and J. Jang D- SAT: detecting SYN flooding attack by two-stage statistical approach Applications and the Internet, The 2005 symposium 2005 430 436
44. R.H. Shumway, and D.S. Stoffer Time series analysis and its applications, Springer texts in statistics 2000 Springer-Verlag New York
45. Spade, Silicon Defense, http://www.silicondefense.com/software/spice/.
46. T. Sauer, J.A. Yorke, and M. Casdagli Embedology J Stat Phys 65 1991 579 616
47. Snort: The open-source network intrusion detection system, http://www.snort.org/.
48. Strozzi F, Gutiérrez E, Noc C, Rossi T, Serati M, Zaldívar JM. Application of non-linear time series analysis techniques to the Nordic spot electricity market data, LIUC Paper 200, 2007.
49. A. Tretyakov, H. Takayasu, and M. Takayasu Phase transition pattern in a computer network Phys A 253 1998 315 322
50. M. Takayasu, H. Takayasu, and K. Fukuda Dynamic phase transition observed in the Internet traffic flow Phys A 277 2000 248 255
51. R. Talpade, G. Kim, and S. Khurana NOMAD: Traffic-based network monitoring framework for anomaly detection Computers and communications, proceedings. IEEE international symposium 1999 442 451
52. M.S. Taqqu, V. Teverovsky, and W. Willinger Is network traffic self-similar or multifractal? Fractals 5 1997 63
53. C.F. Tsai, and C.C. Yen Unsupervised anomaly detection using HDG-Clustering algorithm Lecture Notes Comp Sci 4985 2008 356 365
54. F. Takens Detecting strange attractors in fluid turbulence D. Rand, L.S. Young, Dynamical systems and turbulence 1981 Springer 366 381
55. V. Vapnik The nature of statistical learning theory 1st ed. 1995 Springer NY
56. S.P. Washington, M.G. Karlaftis, and F.L. Mannering Statistical and econometric methods for transportation data analysis 2003 Chapman and Hall/CRC Press
57. I.H. Witten, and E. Frank Data mining: practical machine learning tools and techniques 2nd ed. 2005 SF Morgan Kaufmann
58. C.L. Webber Jr., and J.P. Zbilut Dynamical assessment of physiological system and status using recurrence plot strategies J Appl Physiol 76 1994 965 973
59. J.P. Zbilut, and C.L. Webber Embeddings and delays as derived from recurrence quantification analysis Phys Lett A 171 1992 199 203
60. J.P. Zbilut, A. Giuliani, and C.L. Webber Jr. Recurrence quantification analysis and principal components in the detection of short complex signals Phys Lett A 237 1998 131 135