
Packet Header Anomaly Detection Using Statistical Analysis

  • Conference paper
International Joint Conference SOCO’14-CISIS’14-ICEUTE’14

Abstract

The constant exposure of network traffic to intrusion has driven recent work on statistical anomaly detection methods. In theory such methods attract considerable research interest, but in practice their low intrusion detection rates remain an open problem. This paper therefore proposes a Host-based Packet Header Anomaly Detection (HbPHAD) model that identifies suspicious packet-header behaviour through statistical analysis. Normal scores are computed with a Relative Percentage Ratio (RPR) scoring mechanism, Linear Regression Analysis (LRA) is integrated to grade the degree of a packet's behaviour (suspicious or not suspicious), and Cohen's d (effect size) is used to pre-define the best threshold. HbPHAD is an effective statistical anomaly detection approach for pinpointing suspicious behaviour precisely. Experiments show that HbPHAD achieves an intrusion detection rate above 90% on the ISCX 2012 dataset and detects 40 attack types in the DARPA 1999 benchmark dataset.
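The abstract names three statistical stages (RPR normal scores, a linear-regression degree, a Cohen's-d threshold) without giving their formulas. The following added example, which is not the paper's code and does not reproduce its exact method, shows one way those stages fit together on constructed packet headers: the scored field set, the "mean of (100 - RPR)" anomaly score, the regression of a 0/1 label on the score, and the rule that places the threshold between the two class means are all assumptions of this example.

```python
"""Statistical packet-header anomaly scoring on constructed sample headers.
Illustrative reconstruction of the pipeline named in the abstract; the field set,
score formula and threshold rule are this example's assumptions, not the paper's."""
from collections import Counter
from math import sqrt
from statistics import mean, stdev

# Header fields scored per packet (assumed; the page does not list the fields used).
FIELDS = ("proto", "dst_port", "ttl", "flags")


def pkt(proto, dst_port, ttl, flags):
    """Minimal header record; only the scored fields are kept."""
    return {"proto": proto, "dst_port": dst_port, "ttl": ttl, "flags": flags}


def rpr_table(baseline):
    """Relative Percentage Ratio: for each field, the percentage of baseline packets
    carrying each value. Treated here as the normal score of a (field, value) pair."""
    n = len(baseline)
    return {f: {v: 100.0 * c / n for v, c in Counter(p[f] for p in baseline).items()}
            for f in FIELDS}


def anomaly_score(p, table):
    """Mean over fields of (100 - RPR). A value never seen in the baseline has RPR 0
    and contributes 100, so a header with only unseen values scores close to 100."""
    return mean(100.0 - table[f].get(p[f], 0.0) for f in FIELDS)


def cohens_d(normal, suspicious):
    """Effect size between the two score samples (pooled sample standard deviation)."""
    n1, n2 = len(normal), len(suspicious)
    pooled = sqrt(((n1 - 1) * stdev(normal) ** 2 + (n2 - 1) * stdev(suspicious) ** 2)
                  / (n1 + n2 - 2))
    return (mean(suspicious) - mean(normal)) / pooled if pooled else float("inf")


def choose_threshold(normal, suspicious):
    """Assumed rule: put the cut between the two means at the point that lies the same
    number of its own standard deviations away from each mean."""
    s_n, s_s = stdev(normal), stdev(suspicious)
    w = s_n / (s_n + s_s) if s_n + s_s else 0.5
    return mean(normal) + (mean(suspicious) - mean(normal)) * w


def linear_fit(xs, ys):
    """Ordinary least squares y = a + b*x in closed form; returns (a, b)."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        return my, 0.0
    b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    return my - b * mx, b


def degree(score, fit):
    """Fitted label (0 = normal, 1 = suspicious) for a score, clamped to [0, 1],
    read as the degree to which the packet behaves suspiciously."""
    a, b = fit
    return min(1.0, max(0.0, a + b * score))


def calibrate(baseline, cal_normal, cal_suspicious):
    """Build the RPR table from the baseline, then derive Cohen's d, the threshold and
    the regression line from labelled calibration packets."""
    table = rpr_table(baseline)
    s_norm = [anomaly_score(p, table) for p in cal_normal]
    s_susp = [anomaly_score(p, table) for p in cal_suspicious]
    fit = linear_fit(s_norm + s_susp, [0.0] * len(s_norm) + [1.0] * len(s_susp))
    return {"table": table, "d": cohens_d(s_norm, s_susp),
            "threshold": choose_threshold(s_norm, s_susp), "fit": fit}


def classify(p, model):
    """Return (score, degree, verdict); the verdict uses the Cohen's-d threshold."""
    s = anomaly_score(p, model["table"])
    return s, degree(s, model["fit"]), "suspicious" if s > model["threshold"] else "normal"


# Constructed baseline: 20 headers from a host that serves HTTPS/HTTP and resolves DNS.
BASELINE = ([pkt("tcp", 443, 64, "PA")] * 8 + [pkt("tcp", 80, 64, "PA")] * 8
            + [pkt("udp", 53, 64, "-")] * 4)
# Constructed labelled calibration samples (the rare but legitimate DNS packet is normal).
CAL_NORMAL = [pkt("tcp", 443, 64, "PA"), pkt("tcp", 80, 64, "PA"),
              pkt("tcp", 443, 64, "PA"), pkt("udp", 53, 64, "-")]
CAL_SUSPICIOUS = [pkt("tcp", 4444, 128, "S"), pkt("udp", 31337, 255, "-"),
                  pkt("tcp", 22, 128, "S"), pkt("icmp", 0, 128, "-")]
MODEL = calibrate(BASELINE, CAL_NORMAL, CAL_SUSPICIOUS)

if __name__ == "__main__":
    print(f"Cohen's d = {MODEL['d']:.2f}, threshold = {MODEL['threshold']:.1f}")
    for p in (pkt("tcp", 443, 64, "PA"), pkt("udp", 53, 64, "-"),
              pkt("tcp", 4444, 128, "S"), pkt("udp", 31337, 255, "-")):
        s, g, verdict = classify(p, MODEL)
        print(f"{p}: score={s:.1f} degree={g:.2f} -> {verdict}")
```

On this constructed data the two calibration groups separate with d ≈ 3.9 and the threshold lands at 70.5, so the rare-but-legitimate DNS header (score 60) is still classed normal even though the regression places it at a degree of exactly 0.5. That is the practitioner's caveat with frequency-based header scoring: values that are legitimate but rare on the monitored host are the main source of false positives, so the threshold has to be calibrated on labelled traffic from that same host rather than on a conventional effect-size cut-off.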



Corresponding author

Correspondence to Warusia Yassin.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Yassin, W., Udzir, N.I., Abdullah, A., Abdullah, M.T., Muda, Z., Zulzalil, H. (2014). Packet Header Anomaly Detection Using Statistical Analysis. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_47


  • DOI: https://doi.org/10.1007/978-3-319-07995-0_47

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07994-3

  • Online ISBN: 978-3-319-07995-0

  • eBook Packages: Engineering (R0)
