Skip to main content
SpringerLink
Log in

A Covariance Matrix Based Approach to Internet Anomaly Detection

  • Conference paper
Book cover Advances in Machine Learning and Cybernetics

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3930))

Abstract

Detecting multiple network attacks is essential to intrusion detection, network security defense and network traffic management. This paper presents a covariance matrix based detection approach to detecting multiple known and unknown network anomalies. It utilizes the difference of covariance matrices among observed samples in the detection. A threshold matrix is employed in the detection where each entry of the matrix evaluates the covariance changes of the corresponding features. As case studies, extensive experiments are conducted to detect multiple DoS attacks – the prevalent Internet anomalies. The experimental results indicate that the proposed approach achieves high detection rates in detecting multiple known and unknown anomalies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Feinstein, L., Schnackenberg, D.: Statistical Approaches to DDoS Attack Detection and Response. In: Proceedings of the DARPA Information Survivability Conference and Expostion (DISCEX 2003) (April 2003)

    Google Scholar 

  2. Manikopoulos, C., Papavassiliou, S.: Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communications Magazine (October 2002)

    Google Scholar 

  3. Blazek, R.B., Kim, H., Rozovskii, B., Tartakovsky, A.: A Novel Approach to Detection of Denial-of-Service Attacks Via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods. In: Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection (June 2002)

    Google Scholar 

  4. Conte, E., De Maio, A., Ricci, G.: Covariance matrix estimation for adaptive CFAR detection in compound-Gaussian clutter. IEEE Transactions on Aerospace and Electronic Systems 38(2) (April 2002)

    Google Scholar 

  5. Yang, Z., Wang, X.: Blind turbo multiuser detection for long-code multipath CDMA. IEEE Transactions on Communications 50(1) (January 2002)

    Google Scholar 

  6. Conte, E., Maio, A.D., Ricci, G.: Recursive estimation of the covariance matrix of a compound-Gaussian process and its application to adaptive CFAR detection. IEEE Transactions on Signal Processing 50(8) (August 2002)

    Google Scholar 

  7. Ye, N., Emran, S., Chen, Q., Vilbert, S.: Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection. IEEE Transaction on Computers 51(7) (2002)

    Google Scholar 

  8. Cormode, G., Muthukrishnan, S.: What’s New: Finding Significant Differences in Network Data Streams. In: IEEE INFOCOM 2004 (March 2004)

    Google Scholar 

  9. Estan, C., Varghese, G.: Data streaming in computer networks. In: Proceedings of workshop on Management and processing of Data Streams (2003), http://www.research.att.com/conf/mpds2003/schedule/estanV.ps

  10. Jin, S., Yeung, D.: A Covariance Analysis Model for DDoS Attack Detection. In: Proceedings of IEEE ICC 2004, Paris, France (June 2004)

    Google Scholar 

  11. Lincoln Laboratories: 1999 DARPA Intrusion Detection Evaluation (1999), http://www.ll.mit.edu/IST/ideval/index.html

  12. Lee, W.: A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems. Ph.D. dissertation, Columbia University (1999)

    Google Scholar 

  13. Lee, W., Stolfo, S.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Trans. Information and System Security 3(4), 227–261 (2000)

    Article  Google Scholar 

  14. Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: RAID, pp. 220–237 (2003)

    Google Scholar 

  15. Jin, S., Yeung, D., Wang, X., Tsang, E.C.C.: A Second-order Statistical Detection Approach with Application to Internet Anomaly Detection. In: IEEE International Conference on Machine Learning and Cybernetics (August 2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing, HongKong Polytechnic University, HongKong

    Shuyuan Jin, Daniel So Yeung & Eric C. C. Tsang

  2. School of Mathematics and Computer Science, Hebei University, Baoding, China

    Xizhao Wang

Authors
  1. Shuyuan Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel So Yeung
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xizhao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eric C. C. Tsang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Hong Kong Polytechnic University, P.O. Box, Hong Kong, China

    Daniel S. Yeung

  2. School of Creative Media, City University of Hong Kong,, China

    Zhi-Qiang Liu

  3. Department of Mathematics and Computer Science, Hebei University, 071002, Baoding, Hebei, P.R. China

    Xi-Zhao Wang

  4. School of Electrical and Information Engineering, University of Sydney, 2006, NSW, Australia

    Hong Yan

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, S., Yeung, D.S., Wang, X., Tsang, E.C.C. (2006). A Covariance Matrix Based Approach to Internet Anomaly Detection. In: Yeung, D.S., Liu, ZQ., Wang, XZ., Yan, H. (eds) Advances in Machine Learning and Cybernetics. Lecture Notes in Computer Science(), vol 3930. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11739685_72

Download citation

  • DOI: https://doi.org/10.1007/11739685_72

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33584-9

  • Online ISBN: 978-3-540-33585-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation