Research Article

Hybrid Modular Approach for Anomaly Detection System

by A.Laxmi Kanth, M.Sridhar, Suresh Yadav
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 14 - Number 8
Year of Publication: 2011
Authors: A.Laxmi Kanth, M.Sridhar, Suresh Yadav
DOI: 10.5120/1907-2510

A.Laxmi Kanth, M.Sridhar, Suresh Yadav. Hybrid Modular Approach for Anomaly Detection System. International Journal of Computer Applications 14(8):1-7, February 2011. DOI=10.5120/1907-2510

@article{ 10.5120/1907-2510,
author = { A.Laxmi Kanth, M.Sridhar, Suresh Yadav },
title = { Hybrid Modular Approach for Anomaly Detection System },
journal = { International Journal of Computer Applications },
issue_date = { February 2011 },
volume = { 14 },
number = { 8 },
month = { February },
year = { 2011 },
issn = { 0975-8887 },
pages = { 1-7 },
numpages = {7},
url = { https://ijcaonline.org/archives/volume14/number8/1907-2510/ },
doi = { 10.5120/1907-2510 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A A.Laxmi Kanth
%A M.Sridhar
%A Suresh Yadav
%T Hybrid Modular Approach for Anomaly Detection System
%J International Journal of Computer Applications
%@ 0975-8887
%V 14
%N 8
%P 1-7
%D 2011
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The traditional approach to detecting novel attacks in network traffic is to model the normal frequency of session IP addresses and server port usage and to flag unusual combinations of these attributes as suspicious. Rather than modeling only user behavior, recent systems model the network protocols from the data link layer through the application layer in order to detect attacks that exploit vulnerabilities in the implementations of those protocols. We describe a modular approach to network anomaly detection. Our system analyses the network traffic at three levels (packet, flow and protocol), one module per level. A total anomaly score is computed from the anomaly scores of the three modules using a weighted attribute model. We detect 147 of 185 attacks in the DARPA off-line intrusion detection evaluation data set [1] at 10 false alarms per day (100 false alarms in total), after training on one week of attack-free traffic. We also investigate the performance of the system when attack-free training data is not available.
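As an added illustration of the three-module design the abstract describes (example code written for this page, not the authors' system), the sketch below scores each event at the packet level with a PHAD-style header model [5], at the flow level with a frequency model of (client address, server port) pairs, and at the protocol level with a payload byte-bigram model, then combines the three scores with fixed weights. The module internals, the event field names, the weights, the threshold of 5.0 and the sample traffic are all assumptions made for the example; the paper does not specify them.

```python
"""Added example, not the paper's code: packet, flow and protocol anomaly modules
plus a weighted combiner. Internals, weights and sample traffic are assumptions."""
import math
from collections import Counter, defaultdict

class PacketHeaderModule:
    """Packet level, PHAD-style [5]: per header field, the r distinct values seen in
    n training observations and the time t since the field was last anomalous. An
    unseen value scores t*n/r and resets t, so novelty is reported once, loudly."""
    FIELDS = ("proto", "ttl", "ip_len", "tcp_flags")

    def __init__(self):
        self.seen = {f: set() for f in self.FIELDS}
        self.n = Counter()
        self.last_anomaly = dict.fromkeys(self.FIELDS, 0)
        self.clock = 0  # event counter used as the time base

    def train(self, ev):
        self.clock += 1
        for f in self.FIELDS:
            if ev[f] not in self.seen[f]:
                self.seen[f].add(ev[f])
                self.last_anomaly[f] = self.clock
            self.n[f] += 1

    def score(self, ev):
        self.clock += 1
        total = 0.0
        for f in self.FIELDS:
            if ev[f] not in self.seen[f]:
                total += (self.clock - self.last_anomaly[f]) * self.n[f] / len(self.seen[f])
                self.last_anomaly[f] = self.clock
        return total

class FlowModule:
    """Flow level: frequency of (client address, server port) pairs, the 'traditional'
    session model. Score is surprisal -log2 p under a Laplace-smoothed estimate."""
    def __init__(self):
        self.pairs, self.total = Counter(), 0

    def train(self, ev):
        self.pairs[(ev["src"], ev["dport"])] += 1
        self.total += 1

    def score(self, ev):
        c = self.pairs[(ev["src"], ev["dport"])]
        return -math.log2((c + 1) / (self.total + len(self.pairs) + 1))

class ProtocolModule:
    """Protocol level: per-server-port set of payload byte bigrams seen in training
    (an n-gram model after [6], [8]); score is the fraction of unseen bigrams."""
    def __init__(self):
        self.known = defaultdict(set)

    def train(self, ev):
        self.known[ev["dport"]].update(zip(ev["payload"], ev["payload"][1:]))

    def score(self, ev):
        grams = list(zip(ev["payload"], ev["payload"][1:]))
        unseen = sum(1 for g in grams if g not in self.known[ev["dport"]])
        return unseen / len(grams) if grams else 0.0

class HybridDetector:
    """Weighted sum of module scores. Weights rank the modules and also bring their
    scales (hundreds, bits, [0,1]) onto one; the values here are illustrative."""
    def __init__(self, weights=None, threshold=5.0):
        self.modules = {"packet": PacketHeaderModule(), "flow": FlowModule(),
                        "protocol": ProtocolModule()}
        self.weights = weights or {"packet": 0.01, "flow": 1.0, "protocol": 10.0}
        self.threshold = threshold  # alarm when total > threshold

    def train(self, events):
        for ev in events:
            for m in self.modules.values():
                m.train(ev)

    def score(self, ev):
        parts = {k: m.score(ev) for k, m in self.modules.items()}
        return sum(self.weights[k] * v for k, v in parts.items()), parts

def constructed_training():
    """Constructed attack-free traffic: two LAN clients fetching four pages."""
    return [{"proto": 6, "ttl": 64 if i % 2 else 128, "ip_len": 60 + 4 * (i % 3),
             "tcp_flags": "PA", "src": "10.0.0.%d" % (1 + i % 2), "dport": 80,
             "payload": b"GET /index%d.html HTTP/1.0\r\nHost: www\r\n\r\n" % (i % 4)}
            for i in range(20)]

BENIGN = {"proto": 6, "ttl": 64, "ip_len": 60, "tcp_flags": "PA", "src": "10.0.0.1",
          "dport": 80, "payload": b"GET /index2.html HTTP/1.0\r\nHost: www\r\n\r\n"}
# constructed hostile event: foreign client, odd TTL and length, NOP-sled-like bytes
ATTACK = {"proto": 6, "ttl": 255, "ip_len": 1500, "tcp_flags": "PA", "src": "192.0.2.7",
          "dport": 80, "payload": b"\x90" * 48 + b"/bin/sh\n"}

def run_demo():
    """Train, then score BENIGN then ATTACK (the packet module's clock makes order
    matter). Returns {name: (total, per-module parts)}."""
    det = HybridDetector()
    det.train(constructed_training())
    return {"benign": det.score(BENIGN), "attack": det.score(ATTACK)}
```

Calling `run_demo()` returns the total and the per-module breakdown for each event; with the weights above the benign request totals about 1.06 (only the flow module contributes, since every header value and payload bigram was seen in training) and the hostile one about 17.6, with all three modules firing. The fixed threshold stands in for what the abstract actually does: choosing the cut-off on attack-free traffic so that the alarm rate meets a budget such as 10 false alarms per day.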

References
  1. Lippmann, R., et al., "The 1999 DARPA Off-Line Intrusion Detection Evaluation", Computer Networks 34(4) 579-595, 2000.
  2. Barbará, D., N. Wu, S. Jajodia, "Detecting Novel Network Intrusions using Bayes Estimators", First SIAM International Conference on Data Mining, 2001.
  3. Anderson, D. et al., "Detecting unusual program behavior using the statistical component of the Next-generation Intrusion Detection Expert System (NIDES)", Computer Science Laboratory SRI-CSL-95-06, May 1995.
  4. SPADE, Silicon Defense, http://www.silicondefense.com/software/spice/
  5. Mahoney, M., P. K. Chan, "PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic", Florida Tech. technical report 2001-04, http://cs.fit.edu/~tr/
  6. M. Mahoney, "Network Traffic Anomaly Detection Based on Packet Bytes", Proc. ACM-SAC, 346-350, 2003.
  7. Forrest, S., S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A Sense of Self for Unix Processes", Proceedings of IEEE Symposium on Computer Security and Privacy, 1996.
  8. L Zhuowei, A Das and S Nandi, "Utilizing Statistical Characteristics of N-grams for Intrusion Detection", International Conference on Cyberworlds, Singapore, December 2003.
  9. Sekar, R., M. Bendre, D. Dhurjati, P. Bollineni, "A Fast Automaton-based Method for Detecting Anomalous Program Behaviors". Proceedings of the 2001 IEEE symposium on Security and Privacy.
  10. Roesch, Martin, "Snort - Lightweight Intrusion Detection for Networks", Proc. USENIX Lisa '99, Seattle: Nov. 7-12, 1999.
  11. Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time", Lawrence Berkeley National Laboratory, Proceedings of the 7th USENIX Security Symposium, Jan. 26-29, 1998.
  12. Mahoney, M., P. K. Chan, "Learning Models of Network Traffic for Detecting Novel Attacks", Florida Tech. technical report 2002-08, http://cs.fit.edu/~tr/
  13. Mahoney, M., P. K. Chan, "Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks ", Edmonton, Alberta: Proc. SIGKDD, 376-385, 2002.
  14. Handley, M., C. Kreibich and V. Paxson, "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics", Proc. USENIX Security Symposium, 2001.
  15. Sekar, R., A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang and S. Zhou, "Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions", CCS '02, Washington, USA, Nov. 18-22, 2002.
  16. Ptacek, Thomas H., and Timothy N. Newsham, "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection", January, 1998, http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html
  17. Floyd, S. and V. Paxson, "Difficulties in Simulating the Internet." IEEE/ACM Transactions on Networking Vol. 9, no. 4, pp. 392-403, Aug. 2001. http://www.icir.org/vern/papers.html
  18. Kendall, Kristopher, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems", Masters Thesis, MIT, 1999.
Index Terms

Computer Science
Information Sciences

Keywords

Hybrid Anomaly Detection DARPA