Christian Callegari
ABSTRACT
In the last few years the number and impact of security attacks over the Internet have been continuously increasing. Since it is impossible to guarantee complete protection to a system by means of the "classical" prevention mechanisms, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network security. In this paper we address the problem considering some techniques for detecting network anomalies, based on the use of co-occurrence matrices, to model the "normal" behavior of the TCP connections.
The performance analysis, shows a comparison among the different solutions, which demonstrates the effectiveness of the proposed methods.
- M. Turk and A. Pentland, "Face recognition using eigenfaces," in Proc. of IEEE Computer Society Conference on Computer Vision and Pattern Recognition, (CVPR), 1991.Google Scholar
- M. Turk and A. Pentland, "Eigenfaces for recognition," Journal on Cognitive Neuroscience, vol. 3, no. 1, pp. 71--86, 1991. Google ScholarDigital Library
- A. Pentland, B. Moghaddam, and T. Starner, "View-based and modular eigenspaces for face recognition," in Proc. of IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR), 1994.Google Scholar
- M. Oka, Y. Oyama, H. Abe, and K. Kato, "Anomaly detection using layered networks based on eigen co-occurrence matrix," in Proc. of the International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 223--237, 2004.Google ScholarCross Ref
- M. Oka, Y. Oyama, and K. Kato, "Eigen co-occurrence matrix method for masquerade detection," in Proc. of the 7th JSSST SIGSYS Workshop on Systems for Programming and Applications (SPA), 2004.Google Scholar
- R. Haralick, Dinstein, and K. Shanmugam, "Textural features for image classification," IEEE Transactions on Systems, Man, and Cybernetics, vol. SMC-3, pp. 610--621, 1973.Google ScholarCross Ref
- R. Walker, P. Jackway, and D. Longstaff, "Recent developments in the use of the co-occurrence matrix for texture recognition," in Proc. of the 13th International Conference on Digital Signal Processing (ICDSP), 1997.Google Scholar
- D. Benedetto, E. Caglioti, and V. Loreto, "Language trees and zipping," Physical Review Letters, vol. 88, January 2002.Google Scholar
- A. Puglisi, "Data compression and learning in time sequences analysis," 2002.Google Scholar
- "MIT, Lincoln laboratory, DARPA evaluation intrusion detection." http://www.ll.mit.edu/IST/ideval/ (accessed on 2008/06/28).Google Scholar
- C. Callegari, S. Vaton, and M. Pagano, "A new statistical approach to network anomaly detection," in Proc. of the International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), 2008.Google Scholar
Index Terms
- On the use of co-occurrence matrices for network anomaly detection
Recommendations
Specification-based anomaly detection: a new approach for detecting network intrusions
CCS '02: Proceedings of the 9th ACM conference on Computer and communications securityUnlike signature or misuse based intrusion detection techniques, anomaly detection is capable of detecting novel attacks. However, the use of anomaly detection in practice is hampered by a high rate of false alarms. Specification-based techniques have ...
Towards an immunity-based anomaly detection system for network traffic
This paper proposes an immunity-based anomaly detection system for network traffic. The system is inspired by the specificity and diversity of the immune system; the system has a user-specific agent for every user, and diverse agents make a decision ...
Optimizing network anomaly detection scheme using instance selection mechanism
GLOBECOM'09: Proceedings of the 28th IEEE conference on Global telecommunicationsNetwork anomaly detection is a classically difficult research topic in intrusion detection. However, existing research has been solely focused on the detection algorithm. An important issue that has not been well studied so far is the selection of ...
Comments