Skip to main content
SpringerLink
Log in

Enhanced Network Traffic Anomaly Detector

  • Conference paper
Distributed Computing and Internet Technology (ICDCIT 2005)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3816))

  • 862 Accesses

Abstract

Network intrusion detection systems often rely on matching patterns that are learned from known attacks. While this method is reliable and rarely produces false alarms, it has the disadvantage that it cannot detect novel attacks. An alternative approach is to learn a model of normal traffic and report deviations, but these anomaly models are typically restricted to modeling IP addresses and ports. We describe an anomaly detection system which models all the fields of network, transport layer and payload of a packet at the byte level, by giving more weight to the most anomalous attributes. We investigated all the attributes and assigned weights to the attributes based on their anomalous behavior. We detect 144 of 185 attacks in the DARPA off-line intrusion detection evaluation data set [1] at 10 false alarms per day (total 100 false alarms), after training on one week of attack-free traffic. We investigate the performance of the system when attack free training data is not available.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati 780139, India

    Suresh Reddy & Sukumar Nandi

Authors
  1. Suresh Reddy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sukumar Nandi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Software and Information Science, Iwate Prefectural University, Japan

    Goutam Chakraborty

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Reddy, S., Nandi, S. (2005). Enhanced Network Traffic Anomaly Detector. In: Chakraborty, G. (eds) Distributed Computing and Internet Technology. ICDCIT 2005. Lecture Notes in Computer Science, vol 3816. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604655_45

Download citation

  • DOI: https://doi.org/10.1007/11604655_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30999-4

  • Online ISBN: 978-3-540-32429-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation