Detecting network anomalies using CUSUM and EM clustering

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5821 LNCS, Issue , 2009, Pages 297-308

  Lu, Wei ^a,b   Tong, Hengjian ^c  

^a UNIVERSITY OF NEW BRUNSWICK   (Canada)

^b UNIVERSITY OF VICTORIA   (Canada)

^c CHINA UNIVERSITY OF GEOSCIENCES   (China)

Author keywords

Clustering; Intrusion detection

Indexed keywords

ACCURATE INFERENCE; ANOMALY DETECTION METHODS; ANOMALY DETECTOR; CLUSTERING; CUMULATIVE SUMS; DATA SETS; DETECTION ACCURACY; DETECTION TECHNIQUE; EM CLUSTERING; EVENT REPORT; EXPERIMENTAL EVALUATION; FALSE ALARM RATE; HYBRID APPROACH; HYBRID FRAMEWORK; INTRUSION DETECTION SYSTEMS; INTRUSION DETECTORS; MULTI SENSOR; NETWORK ANOMALIES; NETWORK TRAFFIC; NON-PARAMETRIC; NUMBER OF FALSE ALARMS; OPTIMAL PERFORMANCE; SECURITY OPERATORS;

COMPUTER CRIME; ERRORS; SENSORS;

INTRUSION DETECTION;

EID: 78650707559     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-04843-2_32     Document Type: Conference Paper

References (33)

1. Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical Report, James P. Anderson Co., Fort Washington, Pennsylvania (1999)
2. Denning, D.E.: An Intrusion Detection Model. IEEE Transactions on Software Engineering 2, 222-232 (1987)
3. Axelsson, S.: The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security (TISSEC) 3(3), 186-201 (2000)
4. Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygarcan, J.D.: Can Machine Learning be Secure? In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 16-25 (2006)
5. Sabhnani, M., Serpen, G.: Analysis of a Computer Security Dataset: Why Machine Learning Algorithms Fail on KDD Dataset for Misuse Detection. Intelligent Data Analysis 8(4), 403-415 (2004)
6. Patcha, A., Park, J.M.: An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technologies Trends. Computer Networks: The International Journal of Computer and Telecommunications Networking 51(12), 3448-3470 (2007)
7. Barbarra, D., Couto, J., Jajodia, S., Popyack, L., Wu, N.: ADAM: Detecting Intrusions by Data Mining. In: Proceedings of the 2001 IEEE, Workshop on Information Assurance and Security, West Point, NY (June 2001)
8. Lunt, T.F., Tamaru, A., Gilham, F., Jagannathm, R., Jalali, C., Neumann, P.G., Javitz, H.S., Valdes, A., Garvey, T.D.: A Real-time Intrusion Detection Expert System (IDES). Technical Report, Computer Science Laboratory, SRI International, Menlo Park, USA (February 1992)
9. Anderson, D., Frivold, T., Tamaru, A., Valdes, A.: Next Generation Intrusion Detection Expert System (NIDES). Software Users Manual, Beta-Update release. Computer Science Laboratory, SRI International, Menlo Park, CA, USA, Technical Report SRI-CSL-95-0 (May 1994)
10. Porras, P., Neumann, P.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, Baltimore, MD, USA, pp. 353-365 (1997)
11. Tombini, E., Debar, H., Mé, L., Ducassé, M.: A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP traffic. In: Proceedings of the 20th Annual Computer Security Applications Conference, Tucson, AZ, USA (2004)
12. Zhang, J., Zulkernine, M.: A Hybrid Network Intrusion Detection Technique using Random Forests. In: Proceedings of the 1st International Conference on Availability, Reliability and Security, pp. 262-269. Vienna University of Technology (2006)
13. Peng, J., Feng, C., Rozenblit, J.W.: A Hybrid Intrusion Detection and Visualization System. In: Proceedings of the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems, pp. 505-506 (2006)
14. Depren, O., Topallar, M., Anarim, E., Ciliz, M.K.: An Intelligent Intrusion Detection System (IDS) for Anomaly and Misuse Detection in Computer Networks. Expert Systems with Applications 29(4), 713-722
15. Qin, M., Hwang, K., Cai, M., Chen, Y.: Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes. IEEE Transactions on Dependable and Secure Computing 4(1), 41-55
16. Xiang, C., Lim, S.M.: Design of Multiple-level Hybrid Classifier for Intrusion Detection System. In: Proceedings of the IEEE Workshop Machine Learning for Signal Processing, pp. 117-122 (2005)
17. Thames, J.L., Abler, R., Saad, A.: Hybrid Intelligent Systems for Network Security. In: Proceedings of the 44th ACM Annual Southeast Regional Conference, pp. 286-289
18. Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J.: Modeling Intrusion Detection System using Hybrid Intelligent Systems. Special issue on Network and Information Security: A Computational Intelligence Approach. Journal of Network and Computer Applications 30(1), 114-132 (2007)
19. Shon, T., Moon, J.: A Hybrid Machine Learning Approach to Network Anomaly Detection. International Journal on Information Sciences 177(18), 3799-3821 (2007)
20. Sabhnani, M.R., Serpen, G.: Application of Machine Learning Algorithms to KDD Intrusion Detection Dataset within Misuse Detection Context. In: Proceedings of International Conference on Machine Learning: Models, Technologies, and Applications, pp. 209-215 (2003)
21. http://nsl.cs.unb.ca/wei/hybrid.htm
22. Wang, H.N., Zhang, D.L., Hin, K.G.: Detecting SYN flooding attacks. In: Proceedings of IEEE INFOCOM 2002 (June 2002)
23. Lu, W., Traore, I.: Unsupervised anomaly detection using an evolutionary extension of Kmeans algorithm. International Journal on Information and Computer Security 2(2), 107-139 (2008) (Pubitemid 351802737)
24. Peng, T., Leckie, C., Ramamohanarao, K.: Detecting distributed denial of service attacks using source IP address monitoring. Draft (November 2002)
25. http://www.ethereal.com/docs/man-pages/editcap.1.html
26. http://www.wireshark.org/docs/man-pages/tshark.html
27. http://kdd.ics.uci.edu/databases/kddcup99/ kddcup99.html.kddcup
28. http://www.ll.mit.edu/IST/ideval/data/1998/ 1998-data-index.html
29. Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection. In: Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, pp. 220-237 (2003)
30. McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information and System Security 3(4), 262-294 (2000)
31. Gaffney, J.E., Ulvila, J.W.: Evaluation of intrusion detectors: a decision theory Approach. In: Proceeding of IEEE Symposium on Security and Privacy, pp. 50-61 (2001)
32. http://www.ll.mit.edu/IST/ideval/data/1999/ 1999-data-index.html
33. Lu, W., Ghorbani, A.A.: Network anomaly detection based on wavelet analysis. EURASIP Journal on Advances in Signal Processing (2008) (in press)