
Anomalieerkennung in Computernetzen (Anomaly Detection in Computer Networks)

  • Section: Focus (Schwerpunkt)
  • Journal: Datenschutz und Datensicherheit - DuD

Abstract

Research on anomaly detection in computer networks has been going on for decades. Yet significant successes have failed to materialise to this day. Methods that deliver promising results on paper are published regularly, but hardly any of them manage to find use in practice as well. This article identifies the reasons for this and presents how this phenomenon can be addressed.



Corresponding author: Philipp Winter.

Cite this article

Winter, P., Lampesberger, H., Zeilinger, M. et al. Anomalieerkennung in Computernetzen. DuD 35, 235–239 (2011). https://doi.org/10.1007/s11623-011-0059-1
