
SPAD: A Session Pattern Anomaly Detector for Pre-alerting Intrusions in Home Network

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3983)

Abstract

To prevent intrusions into network-based information systems effectively, it is necessary to detect the early signs that precede an intrusion. This sort of pre-alerting approach may be classified as active prevention, since the various forms of intrusion trials that hackers use to learn a system's vulnerabilities are not missed and are cross-checked early. The existing network-based anomaly detection algorithms that cope with port scanning and network vulnerability scans have some weaknesses against slow scans and coordinated scans. Therefore, a new kind of pre-alerting algorithm is especially attractive for effectively detecting the various forms of abnormal access made as intrusion trials, regardless of the intrusion method. In this paper, we propose a session pattern anomaly detector (SPAD), which detects abnormal service patterns by comparing them with ordinary, normal service patterns.



© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Park, SJ., Park, YS., Choi, YR., Kang, S. (2006). SPAD: A Session Pattern Anomaly Detector for Pre-alerting Intrusions in Home Network. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751632_47


  • DOI: https://doi.org/10.1007/11751632_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34077-5

  • Online ISBN: 978-3-540-34078-2

  • eBook Packages: Computer Science, Computer Science (R0)
