Anomaly Detection in Network Traffic: A Statistical Approach
Manmeet Kaur Marhas, M.Tech Scholar, Dept. of CSE, CMJ University, Shillong, Meghalaya, India
Anup Bhange, Asst. Prof., Dept. of IT, KDK College of Engineering, Nagpur
Piyush Ajankar, Asst. Prof., Dept. of IT, KDK College of Engineering, Nagpur

ABSTRACT
Global Internet usage has grown by 380% since 2000, the year the dot-com bubble burst, and Internet technology has become part of daily life. Over the same period cyber-crime has grown to the point where sophisticated protection for computers and networks is a necessity. Firewalls, the main line of protection of the last decade, no longer provide adequate protection on their own; this has driven the development of intrusion detection and prevention systems. Conventional intrusion detection systems are reactive: they match traffic against a set of signatures that grows only as fast as new attack techniques are discovered. Anomaly detection systems are another branch of intrusion detection that operates more proactively. They build a model of normal system behaviour and raise an alert whenever the behaviour changes, on the reasonable assumption that such changes are often caused by malicious or disruptive events. Anomaly detection has been an area of extensive research in recent years because it poses several challenging problems. In this paper we present a statistical approach that analyses the distribution of network traffic in order to characterise normal traffic behaviour. Research proposals in anomaly detection typically follow a four-stage approach, in which the first three stages define the detection method and the last stage validates it; our method detects anomalies in network traffic using an α-stable model and statistical hypothesis testing.
Here we focus on detecting and preventing two anomaly types, floods and flash crowds, and use the NS2 simulator to obtain the results.

1.1 INTRODUCTION TO ANOMALY
Network traffic measurement provides fundamental traffic characteristics, supplies information for controlling the network, permits modelling, and makes it possible to develop and plan the use of network resources. It also lets operators manage the quality of network service. While network traffic measurement is a well-established area, a general method for detecting anomalies in network traffic remains an important, unsolved problem (Denning 1986). Anomaly detection aims at finding anomalous patterns in network traffic. Regular detection of such patterns gives network administrators an extra source of information for understanding network behaviour or finding the root cause of network faults. [1]

1.2 NATURE OF ANOMALY
An important characteristic of an anomaly detection method is the nature of the anomalies it targets. Anomalies can be classified into the following three categories: [2]

POINT ANOMALY: If an individual data instance can be considered anomalous with respect to the rest of the data, it is termed a point anomaly. This is the simplest type of anomaly and the focus of the majority of research on anomaly detection.

CONTEXTUAL ANOMALY: If a data instance is anomalous in a specific context but not otherwise, it is termed a contextual anomaly. The notion of a context is induced by the structure of the data set and has to be specified as part of the problem formulation.

CONTEXTUAL ATTRIBUTES: The contextual attributes are used to determine the context (or neighbourhood) of an instance. For example, in spatial data sets the longitude and latitude of a location are the contextual attributes.
In time-series data, time is a contextual attribute that determines the position of an instance in the sequence.

BEHAVIORAL ATTRIBUTES: The behavioral attributes describe the non-contextual characteristics of an instance. For example, in a spatial data set describing the average rainfall of the entire world, the amount of rainfall at any location is a behavioral attribute. Anomalous behaviour is determined from the values of the behavioral attributes within a specific context. A data instance may be a contextual anomaly in a given context, but an identical data instance (in terms of behavioral
attributes) could be considered normal in a different context. This property is key to identifying contextual and behavioral attributes for a contextual anomaly detection technique.

COLLECTIVE ANOMALY: If a collection of related data instances is anomalous with respect to the entire data set, it is termed a collective anomaly. The individual data instances in a collective anomaly may not be anomalies by themselves, but their occurrence together as a collection is anomalous. For example, the sequence of events (buffer-overflow, ssh, ftp) corresponds to a typical web-based attack by a remote machine followed by copying of data from the host to a remote destination via ftp. This collection of events is an anomaly, but the individual events are not anomalies when they occur elsewhere in the sequence.

Intrusion detection comes in two flavours: deterministic systems, which match received traffic against predefined patterns of malicious traffic, and statistical systems, which derive models of system properties under normal conditions and compare the predictions of those models with actual measurements. Research proposals in anomaly detection typically follow a four-stage process, in which the first three phases describe the detection method and the last phase validates it. In the first phase, traffic data are collected from the network (in our case, data simulated with NS2). Second, the data are analysed to extract their most relevant features. Third, traffic is classified as normal or anomalous. Fourth, the whole approach is validated against various types of traffic anomalies.

1) Data collection.
2) Data analysis (feature extraction).
3) Inference (classifying normal vs. anomalous traffic).
4) Validation.
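The three anomaly kinds of Section 1.2, as an added example that is not part of the paper: a value that is normal in one context (hour of day) and anomalous in another without being a point anomaly at all, and the (buffer-overflow, ssh, ftp) sequence found as a collective anomaly although each event also occurs harmlessly elsewhere in the log. The request-rate history, the event log and the min/max-envelope rule are all constructed for this example.

```python
"""Point, contextual and collective anomalies (added example, not the paper's code).

The data below are constructed for this example: a week of hourly request
rates for an imaginary web service, and a short event log in which the
sequence (buffer-overflow, ssh, ftp) is the collective anomaly of Section 1.2.
"""
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

Observation = Tuple[int, float]  # (hour_of_day = context, requests_per_minute = behaviour)


def build_history(days: int = 7) -> List[Observation]:
    """Constructed normal profile: busy during office hours, quiet at night,
    with a small deterministic jitter so that every hour has a spread of values."""
    history: List[Observation] = []
    for day in range(days):
        for hour in range(24):
            base = 500.0 if 8 <= hour <= 18 else 50.0
            history.append((hour, base + (day * hour) % 5))
    return history


def envelope(values: Sequence[float], margin: float) -> Tuple[float, float]:
    """Normal range = observed [min, max] widened by a relative margin (this example's rule)."""
    lo, hi = min(values), max(values)
    return lo * (1.0 - margin), hi * (1.0 + margin)


def is_point_anomaly(history: Sequence[Observation], value: float, margin: float = 0.2) -> bool:
    """Point anomaly: the value is unusual against ALL observations, context ignored."""
    lo, hi = envelope([v for _, v in history], margin)
    return value < lo or value > hi


def build_profile(history: Sequence[Observation], margin: float = 0.2) -> Dict[int, Tuple[float, float]]:
    """Contextual profile: one normal range per context (hour of day)."""
    per_hour: Dict[int, List[float]] = defaultdict(list)
    for hour, value in history:
        per_hour[hour].append(value)
    return {hour: envelope(vals, margin) for hour, vals in per_hour.items()}


def is_contextual_anomaly(profile: Dict[int, Tuple[float, float]], hour: int, value: float) -> bool:
    """Contextual anomaly: the same value is judged only against its own context."""
    lo, hi = profile[hour]
    return value < lo or value > hi


ATTACK_PATTERN = ("buffer-overflow", "ssh", "ftp")

# Constructed event log; each event type also occurs on its own, where it is benign.
EVENT_LOG = ["http", "ssh", "ftp", "http", "buffer-overflow", "http", "ssh", "ftp", "dns",
             "ftp", "buffer-overflow", "dns", "http", "ssh", "http", "http", "http", "ftp"]


def find_collective_anomalies(events: Sequence[str], pattern: Sequence[str], window: int) -> List[int]:
    """Collective anomaly: the pattern occurs in order (other events may be
    interleaved) within `window` consecutive events. Returns the start indices."""
    hits: List[int] = []
    for start in range(len(events)):
        if events[start] != pattern[0]:
            continue
        pos, matched = start + 1, 1
        while matched < len(pattern) and pos < min(start + window, len(events)):
            if events[pos] == pattern[matched]:
                matched += 1
            pos += 1
        if matched == len(pattern):
            hits.append(start)
    return hits


if __name__ == "__main__":
    history = build_history()
    profile = build_profile(history)
    # 450 req/min is normal at noon, anomalous at 03:00, and not a point anomaly at all.
    print(is_point_anomaly(history, 450.0), is_contextual_anomaly(profile, 12, 450.0),
          is_contextual_anomaly(profile, 3, 450.0))
    print(find_collective_anomalies(EVENT_LOG, ATTACK_PATTERN, window=5))
```

The profile is keyed by the contextual attribute (hour) and the envelope is computed over the behavioral attribute (rate) within each context, which is exactly the split the text describes; the collective matcher only fires when all three events fall inside one short window, so the lone ssh and ftp events at the start of the log are not reported.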
Data collection is typically carried out by polling one or more routers periodically, so that traffic data are collected and stored for later analysis in the second stage. Some authors sample data at the packet level, gathering information from headers, latencies and so on, while others prefer aggregated traffic as the source of information, often obtained through the Simple Network Management Protocol (SNMP). Sampling at the packet level provides more information, but at the cost of a higher computational load, and dedicated hardware must be employed. Aggregated traffic gives less information on which to decide whether an anomaly is present, but it is a simpler approach and needs no special hardware.

In the data analysis phase, several techniques can be applied to extract interesting features from the collected traffic, among them information theory, wavelets, data-based measurements and statistical models. Of these, statistical models have been found to be a very promising way to extract significant features, since they allow a robust analysis even with small sample sizes (provided the model fits real data well).

Several approaches have been used in the inference stage as well: classification methods based on neural networks [3], statistical tests and information theory, to name a few, can be found in the anomaly detection literature. They share a common point, though: the inference phase bases its decisions on the existence of a reference traffic window, which lets the classification method assess whether the current traffic window is normal (i.e., sufficiently similar to the reference window) or anomalous (i.e., significantly different from the reference window).
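The inference and validation stages in working form, as an added example that is not the paper's method: the page does not say which statistical test it uses, so a two-sample Kolmogorov-Smirnov test stands in for "sufficiently similar to the reference window", with the standard asymptotic critical constants; the α-stable model is not implemented here. The per-second packet-count windows and their labels are constructed for the example, and the last window is deliberately a small shift that the test cannot resolve at this sample size, so the validation reports a false negative.

```python
"""Reference-window inference and validation (added example, not the paper's code).

A current traffic window is compared with a reference window by a two-sample
Kolmogorov-Smirnov test; the validation stage then scores the detector on
labelled windows as false-positive and false-negative rates.  All packet-count
samples below are constructed for this example.
"""
import math
from bisect import bisect_right
from typing import List, Sequence, Tuple

# Asymptotic KS critical constants c(alpha): D_crit = c(alpha) * sqrt((n + m) / (n * m)).
KS_C = {0.10: 1.224, 0.05: 1.358, 0.01: 1.628}


def ks_statistic(sample_a: Sequence[float], sample_b: Sequence[float]) -> float:
    """Largest vertical gap between the two empirical distribution functions."""
    a, b = sorted(sample_a), sorted(sample_b)
    d = 0.0
    for x in sorted(set(a) | set(b)):
        fa = bisect_right(a, x) / len(a)
        fb = bisect_right(b, x) / len(b)
        d = max(d, abs(fa - fb))
    return d


def ks_critical(n: int, m: int, alpha: float = 0.05) -> float:
    return KS_C[alpha] * math.sqrt((n + m) / (n * m))


def is_anomalous(reference: Sequence[float], current: Sequence[float], alpha: float = 0.05) -> bool:
    """Inference: reject 'same distribution as the reference window' at level alpha."""
    return ks_statistic(reference, current) > ks_critical(len(reference), len(current), alpha)


def evaluate(reference: Sequence[float], labelled: Sequence[Tuple[Sequence[float], bool]],
             alpha: float = 0.05) -> Tuple[float, float]:
    """Validation: (false-positive rate, false-negative rate) over labelled windows."""
    fp = fn = normal = anomalous = 0
    for window, truly_anomalous in labelled:
        flagged = is_anomalous(reference, window, alpha)
        if truly_anomalous:
            anomalous += 1
            fn += int(not flagged)
        else:
            normal += 1
            fp += int(flagged)
    return (fp / normal if normal else 0.0, fn / anomalous if anomalous else 0.0)


# Constructed packets-per-second samples.  The reference and the three normal windows
# spread over 90..110; the flood and flash-crowd windows sit far above; the last
# window is a slight upward shift that the test at this sample size cannot resolve.
REFERENCE = [90 + (i * 37) % 21 for i in range(60)]
LABELLED_WINDOWS: List[Tuple[List[int], bool]] = [
    ([90 + (i * 5) % 21 for i in range(30)], False),
    ([90 + (i * 8) % 21 for i in range(30)], False),
    ([90 + (i * 11) % 21 for i in range(30)], False),
    ([400 + (i * 7) % 50 for i in range(30)], True),   # flood
    ([150 + (i * 3) % 30 for i in range(30)], True),   # flash crowd
    ([93 + (i * 5) % 21 for i in range(30)], True),    # small shift: missed (false negative)
]

if __name__ == "__main__":
    for window, label in LABELLED_WINDOWS:
        print(label, round(ks_statistic(REFERENCE, window), 3), is_anomalous(REFERENCE, window))
    print("FPR, FNR:", evaluate(REFERENCE, LABELLED_WINDOWS))
```

The choice of reference window is the whole definition of "normal" here: with a 60-sample reference and 30-sample current windows the critical distance at the 5% level is about 0.30, so a distribution shift of a few packets per second is invisible while the flood and flash-crowd windows reach the maximum distance of 1.0.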
The choice of reference window [4] not only affects the final normal-versus-anomalous classification rate, but also determines the exact definition of a traffic anomaly.

In the validation stage, researchers give performance measures of the detection ability of their method according to a chosen criterion, typically the detection rate expressed in terms of false positives and false negatives (i.e., the fraction of normal traffic patterns incorrectly classified as anomalous and the fraction of anomalous traffic patterns incorrectly classified as normal, respectively). In this paper we propose an anomaly detection and prevention method based on α-stable distributions which does not require network administrators to choose reference traffic windows, and which is able to detect and prevent flood and flash-crowd anomalies regardless of the presence or absence of abrupt changes in network traffic.

2. LITERATURE SURVEY

2.1 ANOMALY DETECTION
Detecting anomalous traffic is a research topic that has recently received a lot of attention. We divide it into two areas: network intrusion detection and Internet traffic anomaly detection. The aim of intrusion detection is to protect a network from remote threats; the detection method therefore inspects traffic at the edge of the protected network, where complete flows and packet payloads are usually available. In contrast, Internet traffic anomaly detection aims at identifying anomalous traffic transiting the core of the Internet, where the observed traffic is asymmetric because of routing policies and flows are therefore incomplete. Our
work is dedicated exclusively to Internet traffic anomaly detection, so in this paper anomaly detection refers only to that domain. Over the last decade researchers have taken a strong interest in anomaly detection and have proposed different detection methods that essentially monitor traffic characteristics and discern outliers. We distinguish two categories of anomaly detection method: those monitoring traffic volume and those monitoring the distribution of traffic features.

2.2 VOLUME-BASED ANOMALY DETECTORS
Volume-based approaches monitor the number of bytes, packets or flows transmitted over time and aim to detect abnormal variations that represent abusive use of network resources or resource failures. Different methods have been proposed to identify local and global traffic-volume variations, which correspond to short- and long-lasting anomalies respectively. For example, Barford et al. [5] proposed a wavelet-based method that examines the traffic volume at different time scales. Their technique uses wavelet analysis to decompose the traffic into three distinct signals representing the local, normal and global variations of the traffic. The decomposed signals are analysed by a detection process that finds irregularities and reports the periods in which they occur. Since the three signals represent the traffic at different time scales, this approach is able to report both short- and long-lasting anomalies. Nevertheless, as the whole traffic is aggregated into a single signal, diagnosing the detected anomalies is challenging, and the anomalous flows or IP addresses remain unknown. Soule et al. [6] discuss another detection method that examines the traffic volume in matrices. The main idea behind their approach is to represent the traffic between the nodes of a large network as a matrix and remove the normal traffic using a Kalman filter.
The residual traffic is analysed with a statistical method that detects anomalous traffic and reports the pair of nodes affected by it. These volume-based anomaly detectors report volume anomalies effectively with a low false-positive rate.

2.3 TRAFFIC-FEATURE-BASED ANOMALY DETECTORS
To overcome the drawback of volume-based detectors, researchers have proposed refining the traffic features examined by the anomaly detector. For example, since many anomalies cause abnormal use of ports or addresses, examining the distribution of the traffic over the port and address spaces makes it possible to identify anomalous traffic that volume-based detectors do not report (e.g., port scans). However, because of the size of the analysed traffic, inspecting detailed traffic features is costly and forces researchers to devise effective traffic aggregation schemes. The main challenge in aggregating network traffic is the trade-off between keeping a compact representation of the traffic and preserving its interesting characteristics. We distinguish four groups of detection technique according to their traffic aggregation scheme: methods aggregating the traffic into a single signal, methods aggregating the traffic into traffic matrices, methods aggregating the traffic into histograms, and other methods.

SIGNALS: A signal provides an intuitive and coarse view of the traffic by representing the time evolution of a single traffic characteristic. Unlike volume-based methods, the analysed signals here are obtained from fine-grained measurements that provide detailed traffic characteristics. The measure that has probably received the most attention in this domain is entropy (i.e., Shannon entropy).

TRAFFIC MATRIX: A traffic matrix represents a time series of flows aggregated according to the ingress and egress routers they traverse while transiting the network, also called origin-destination flows (OD flows).
The effectiveness of aggregating traffic into traffic matrices has been validated in a comparative study. Perhaps the best-known anomaly detection method using traffic matrices is the PCA-based detector. Similarly to their volume-based detector, the same authors proposed a PCA-based detector that analyses the distribution of traffic features.

HISTOGRAM: In statistics the distribution of data is commonly studied in the form of histograms. Several anomaly detection works use histograms; for example, Dewaele et al. [7] proposed modelling flows as histograms and evaluating their shape with a Gamma distribution model. The normal behaviour of the traffic is computed from the distributions of the majority of the traffic, and outliers are reported as anomalous.

3. PROPOSED WORK AND METHODOLOGY
This section describes the methodical procedure followed to characterise network traffic and to obtain anomaly information from the traffic examined. The method comprises the steps followed to produce the anomaly result. The steps start with examination of the data simulated by
NS2 and end with a graph showing the anomalous and the normal traffic in a time interval. The proposed method detects and prevents anomalies in network traffic using the statistical approach and the α-stable model.

3.1 STATISTICAL ANOMALY DETECTION
The ability to detect unknown attacks is the strength of statistical anomaly detection systems. Anomaly detection systems derive a model of the normal behaviour of a network or system and detect deviations from this normal profile. This enables them to detect known and unknown malicious activity alike. Normal profiles have been derived from different data, such as system calls on a single host, payload byte patterns in received traffic, or volume and entropy measurements over the traffic of a whole network.

3.2 STATISTICAL ANOMALY DETECTION ALGORITHM
STEP 1: Node initialization. For i = 1 to 10, initialise node[i]; set Threshold = value.
STEP 2: Transfer packets along the sequential chain. For i = 1 to 10, Xmt(node[i], node[i+1]); if the transmission Xmt(node[i], node[i+1]) fails, display "Anomaly Detected". On Packet_Received(node[i], node[i+1]):
(a) count the packets received on each node into Counter[i] and compare Counter[i] with Threshold;
(b) if Counter[i] reaches Threshold (n), a DDoS attack is detected, i.e., a flood anomaly; otherwise display "No anomaly found";
(c) display Counter on node[i].
STEP 3: If i == 10, Xmt(node[i-(i-1)], node[i]), i.e. transmit from node[1] to node[10], and apply check (b) to node[10]; if it fires, display "Flash Anomaly Detected".
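The algorithm above replayed over a constructed packet trace, as an added example that is not the paper's NS2 simulation. Packets flow node[i] to node[i+1] in each time slot, the receiver counts them, and a count above Threshold raises an alarm. Two things are this example's own choices rather than the paper's: the threshold is learned from quiet slots as median plus k times the MAD, a robust estimate chosen because the α-stable model the paper assumes implies heavy-tailed counts for which a mean/standard-deviation threshold is unreliable (α-stable fitting itself is not implemented here); and, since the page applies the same counter check to both anomaly types, an alarm is labelled a flood when one sender dominates the count and a flash crowd when it is spread over many senders, with only flood senders blocked as the prevention step.

```python
"""Per-node packet-count threshold detection on a chain of 10 nodes (added example).

This is not the paper's NS2 simulation: it replays a constructed packet trace
through the steps of the algorithm above.  Packets flow node[i] -> node[i+1]
each time slot; the receiver counts them, and a count above Threshold raises an
alarm.  Two additions are this example's own: the threshold is learned from
quiet slots as median + k*MAD (robust against the heavy tails an alpha-stable
model implies), and an alarm is labelled 'flood' when one sender dominates the
count and 'flash crowd' when it is spread over many senders; only flood
senders are blocked.
"""
from collections import defaultdict
from typing import Dict, List, Sequence, Set, Tuple

NUM_NODES = 10
SLOTS = 12
LEARNING_SLOTS = 6                    # quiet slots used to set Threshold
Packet = Tuple[int, int, int]         # (slot, src_node, dst_node)
Alarm = Tuple[int, int, int, str]     # (slot, node, count, kind)


def build_trace() -> List[Packet]:
    """Constructed trace: 4-6 packets per hop per slot, a flood from node 3 to
    node 4 in slots 6-8, and a flash crowd from nodes 4-8 towards node 10 in slots 9-11."""
    trace: List[Packet] = []
    for slot in range(SLOTS):
        for i in range(1, NUM_NODES):
            trace += [(slot, i, i + 1)] * (4 + (slot + i) % 3)
    trace += [(slot, 3, 4) for slot in range(6, 9) for _ in range(40)]
    trace += [(slot, src, 10) for slot in range(9, 12) for src in range(4, 9) for _ in range(3)]
    return trace


def received(trace: Sequence[Packet], slot: int, blocked: Set[int]) -> Dict[int, Dict[int, int]]:
    """Step 2(a): per receiving node, packets counted per sender in one slot."""
    counts: Dict[int, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for t, src, dst in trace:
        if t == slot and src not in blocked:
            counts[dst][src] += 1
    return counts


def median(values: Sequence[float]) -> float:
    s = sorted(values)
    n = len(s)
    return s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2.0


def learn_threshold(trace: Sequence[Packet], k: float = 3.0) -> float:
    """Threshold = median + k * 1.4826 * MAD of per-node counts in the learning slots."""
    counts = [sum(senders.values())
              for slot in range(LEARNING_SLOTS)
              for senders in received(trace, slot, set()).values()]
    med = median(counts)
    mad = median([abs(c - med) for c in counts])
    return med + k * 1.4826 * mad


def run_detector(trace: Sequence[Packet], threshold: float) -> Tuple[List[Alarm], Set[int]]:
    """Steps 2(b)/3 with prevention: the alarms raised and the senders blocked."""
    alarms: List[Alarm] = []
    blocked: Set[int] = set()
    for slot in range(SLOTS):
        for node, senders in sorted(received(trace, slot, blocked).items()):
            count = sum(senders.values())
            if count <= threshold:
                continue                         # "No anomaly found"
            top_src, top_count = max(senders.items(), key=lambda kv: kv[1])
            if top_count / count > 0.5:          # one sender dominates: flood
                alarms.append((slot, node, count, "flood"))
                blocked.add(top_src)             # prevention: drop that sender from now on
            else:                                # many small senders: flash crowd, do not block
                alarms.append((slot, node, count, "flash crowd"))
    return alarms, blocked


if __name__ == "__main__":
    trace = build_trace()
    threshold = learn_threshold(trace)
    print("Threshold =", round(threshold, 2))
    for alarm in run_detector(trace, threshold)[0]:
        print(alarm)
```

With the constructed trace the learned threshold is about 9.4 packets per slot, node 4 raises a single flood alarm in slot 6 after which node 3 is blocked and its later packets never reach node 4, and node 10 raises one flash-crowd alarm per slot in slots 9-11 without anyone being blocked. Blocking the top sender during a flash crowd would cut off node 9, the legitimate upstream hop, which is why the counter alone is not enough to choose the prevention action.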
4. DESIGN OF NETWORK
This section presents the design of our research work. As mentioned, we use NS2 to obtain the results. Here we focus on detecting flood and flash-crowd anomalies in a wireless network. We consider 10 nodes in the network, send packets at regular intervals of time, observe the behaviour of the network, and set a proper threshold for detecting the flood anomaly in the network.

Figure 4.1 Nam output showing nodes in wireless networks

5. CONCLUSION
This paper presents the idea of anomaly detection in network traffic and discusses a statistical approach to it. NS2 is used for the design of the network and for computing the simulation results.

6. REFERENCES
[1] D. E. Denning, An intrusion detection model, in Seventh IEEE Symposium on Security and Privacy, 1987.
[2] Y. Gu, A. McCallum, and D. Towsley, Detecting anomalies in network traffic using maximum entropy estimation, Proc. Internet Measurement Conf., Oct.
[3] M. Ramadas, S. Ostermann, and B. Tjaden, Detecting anomalous network traffic with self-organizing maps, Proc. Sixth Int'l Symp. Recent Advances in Intrusion Detection.
[4] J. Brutlag, Aberrant behavior detection in time series for network monitoring, Proc. USENIX 14th System Administration Conf. (LISA), Dec.
[5] P. Barford, J. Kline, D. Plonka, and A. Ron, A signal analysis of network traffic anomalies, IMW '02, pp. 71-82.
[6] A. Soule, K. Salamatian, and N. Taft, Combining filtering and statistical methods for anomaly detection, IMC '05, pp. 331-344.
[7] G. Dewaele, K. Fukuda, P. Borgnat, P. Abry, and K. Cho, Extracting hidden anomalies using sketch and non-Gaussian multiresolution statistical detection procedures, SIGCOMM LSAD '07, pp. 145-152.
Automated Classification of Network Traffic Anomalies Guilherme Fernandes and Philippe F. Owezarski LAAS - CNRS Université detoulouse 7 Avenue du Colonel Roche 31077 Toulouse, France owe@laas.fr Abstract.
More informationMcPAD and HMM-Web: two different approaches for the detection of attacks against Web applications
McPAD and HMM-Web: two different approaches for the detection of attacks against Web applications Davide Ariu, Igino Corona, Giorgio Giacinto, Fabio Roli University of Cagliari, Dept. of Electrical and
More informationA hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 12, December 2013,
More informationAnalyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks. Carlos García Cordero Sascha Hauke Max Mühlhäuser Mathias Fischer
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks Carlos García Cordero Sascha Hauke Max Mühlhäuser Mathias Fischer The Beautiful World of IoT 06.03.2018 garcia@tk.tu-darmstadt.de
More informationDetecting Anomalies in Network Traffic Using Maximum Entropy Estimation
Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Yu Gu, Andrew McCallum, Don Towsley Department of Computer Science, University of Massachusetts, Amherst, MA 01003 Abstract We develop
More informationDeveloping the Sensor Capability in Cyber Security
Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationSimulation of the effectiveness evaluation process of security systems
IOP Conference Series: Materials Science and Engineering PAPER OPEN ACCESS Simulation of the effectiveness evaluation process of security systems To cite this article: A V Godovykh et al 2016 IOP Conf.
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationAnomaly Extraction in Backbone Networks Using Association Rules
Anomaly Extraction in Backbone Networks Using Association Rules Daniela Brauckhoff, Xenofontas Dimitropoulos, Arno Wagner, Kavé Salamatian To cite this version: Daniela Brauckhoff, Xenofontas Dimitropoulos,
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationBinary Protector: Intrusion Detection in Multitier Web Applications
Binary Protector: Intrusion Detection in Multitier Web Applications C. Venkatesh 1 D.Nagaraju 2 T.Sunil Kumar Reddy 3 1 P.G Scholar, CSE Dept, Sir Vishveshwariah Institute of Science and Technology 2 Assistant
More informationFPGA Based Distributed Network Intrusion Detection in Smart Grids Using Naives Bayes Classifier
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 7 (2014), pp. 747-752 International Research Publications House http://www. irphouse.com FPGA Based Distributed
More informationEFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,
More informationImproved Detection of Low-Profile Probes and Denial-of-Service Attacks*
Improved Detection of Low-Profile Probes and Denial-of-Service Attacks* William W. Streilein Rob K. Cunningham, Seth E. Webster Workshop on Statistical and Machine Learning Techniques in Computer Intrusion
More informationIntrusion Detection System using AI and Machine Learning Algorithm
Intrusion Detection System using AI and Machine Learning Algorithm Syam Akhil Repalle 1, Venkata Ratnam Kolluru 2 1 Student, Department of Electronics and Communication Engineering, Koneru Lakshmaiah Educational
More informationInfluence of Data-Reduction Techniques on Traffic Anomaly Detection
Influence of Data-Reduction Techniques on Traffic Anomaly Detection Paper #232, 14 pages ABSTRACT Statistical techniques for detecting anomalous traffic can be an invaluable tool for the operators of large
More informationDDoS Attacks Classification using Numeric Attribute-based Gaussian Naive Bayes
DDoS Attacks Classification using Numeric Attribute-based Gaussian Naive Bayes Abdul Fadlil Department of Electrical Engineering Ahmad Dahlan University Yogyakarta, Indonesia Imam Riadi Department of Information
More informationScrutinizer Flow Analytics
Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred
More informationDetection of Anomalies using Online Oversampling PCA
Detection of Anomalies using Online Oversampling PCA Miss Supriya A. Bagane, Prof. Sonali Patil Abstract Anomaly detection is the process of identifying unexpected behavior and it is an important research
More informationUNSUPERVISED LEARNING FOR ANOMALY INTRUSION DETECTION Presented by: Mohamed EL Fadly
UNSUPERVISED LEARNING FOR ANOMALY INTRUSION DETECTION Presented by: Mohamed EL Fadly Outline Introduction Motivation Problem Definition Objective Challenges Approach Related Work Introduction Anomaly detection
More information"Charting the Course... TSHOOT Troubleshooting and Maintaining Cisco IP Networks Course Summary
Course Summary Description This course is designed to help network professionals improve the skills and knowledge that they need to maintain their network and to diagnose and resolve network problems quickly
More informationA simple mathematical model that considers the performance of an intermediate node having wavelength conversion capability
A Simple Performance Analysis of a Core Node in an Optical Burst Switched Network Mohamed H. S. Morsy, student member, Mohamad Y. S. Sowailem, student member, and Hossam M. H. Shalaby, Senior member, IEEE
More informationData Sources for Cyber Security Research
Data Sources for Cyber Security Research Melissa Turcotte mturcotte@lanl.gov Advanced Research in Cyber Systems, Los Alamos National Laboratory 14 June 2018 Background Advanced Research in Cyber Systems,
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationCisco Intrusion Prevention Solutions
Cisco Intrusion Prevention Solutions Proactive Integrated, Collaborative, and Adaptive Network Protection Cisco Intrusion Prevention System (IPS) solutions accurately identify, classify, and stop malicious
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationInformation, Gravity, and Traffic Matrices
Information, Gravity, and Traffic Matrices Yin Zhang, Matthew Roughan, Albert Greenberg, Nick Duffield, David Donoho 1 Problem Have link traffic measurements Want to know demands from source to destination
More informationBUILDING A NEXT-GENERATION FIREWALL
How to Add Network Intelligence, Security, and Speed While Getting to Market Faster INNOVATORS START HERE. EXECUTIVE SUMMARY Your clients are on the front line of cyberspace and they need your help. Faced
More informationCisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection
Cisco IOS Classic Firewall/IPS: Configuring Context Based Access Control (CBAC) for Denial of Service Protection Document ID: 98705 Contents Introduction Prerequisites Requirements Components Used Conventions
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationDetecting Protected Layer-3 Rogue APs
Detecting Protected Layer-3 Rogue APs Authors: Hongda Yin, Guanling Chen, and Jie Wang Department of Computer Science, University of Massachusetts Lowell Presenter: Bo Yan Department of Computer Science
More informationBroadband Internet Access Disclosure
Broadband Internet Access Disclosure This document provides information about the network practices, performance characteristics, and commercial terms applicable broadband Internet access services provided
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins
More informationImplementation of a leaky bucket module for simulations in NS-3
Implementation of a leaky bucket module for simulations in NS-3 P. Baltzis 2, C. Bouras 1,2, K. Stamos 1,2,3, G. Zaoudis 1,2 1 Computer Technology Institute and Press Diophantus Patra, Greece 2 Computer
More informationManaging Network Bandwidth to Maximize Performance
Managing Network Bandwidth to Maximize Performance With increasing bandwidth demands, network professionals are constantly looking to optimize network resources, ensure adequate bandwidth, and deliver
More informationSupporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN)
Supporting Service Differentiation for Real-Time and Best-Effort Traffic in Stateless Wireless Ad-Hoc Networks (SWAN) G. S. Ahn, A. T. Campbell, A. Veres, and L. H. Sun IEEE Trans. On Mobile Computing
More informationSystematic Detection And Resolution Of Firewall Policy Anomalies
Systematic Detection And Resolution Of Firewall Policy Anomalies 1.M.Madhuri 2.Knvssk Rajesh Dept.of CSE, Kakinada institute of Engineering & Tech., Korangi, kakinada, E.g.dt, AP, India. Abstract: In this
More informationTO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM
TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM Anburaj. S 1, Kavitha. M 2 1,2 Department of Information Technology, SRM University, Kancheepuram, India. anburaj88@gmail.com,
More informationGet the skills to maintain your networks and to diagnose and resolve network problems quickly and effectively.
Cisco CCNP - HD Telepresence TSHOOT: Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) 2.0 Get the skills to maintain your networks and to diagnose and resolve network problems quickly and effectively.
More information