Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 85))

Abstract

The main drawback of traditional signature-based intrusion detection systems, their inability to detect novel attacks that lack known signatures, makes anomaly detection systems a vibrant research area. This paper proposes an efficient learning algorithm that constructs learning models of normal network traffic behavior. Behavior that deviates from the learned normal model signals possible novel attacks. The proposed technique is novel in its application of stochastic learning automata to the problem of ARP-based network anomaly detection.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yasami, Y. (2010). An SLA-Based Approach for Network Anomaly Detection. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds) Computational Intelligence in Security for Information Systems 2010. Advances in Intelligent and Soft Computing, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16626-6_16

  • DOI: https://doi.org/10.1007/978-3-642-16626-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16625-9

  • Online ISBN: 978-3-642-16626-6

  • eBook Packages: Engineering, Engineering (R0)
