Intrusion Detection Using Geometrical Structure

Author

Jamdagni, Aruna ; Tan, Zhiyuan ; Nanda, Priyadarsi ; He, Xiangjian ; Liu, Ren

Author_Institution

Centre for Innovation in IT Services & Applic. (iNEXT), Univ. of Technol., Sydney, Sydney, NSW, Australia

fYear

2009

fDate

17-19 Dec. 2009

Firstpage

327

Lastpage

333

Abstract

We propose a statistical model, namely geometrical structure anomaly detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against pre-computed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.

Keywords

computer network security; statistical analysis; Mahalanobis distances; geometrical structure anomaly detection; intrusion detection; packet payload; statistical analysis; Application software; Australia; Computer science; Genetic mutations; Information technology; Intrusion detection; Pattern recognition; Payloads; Solid modeling; Technological innovation; Geometrical Structure; Intusion Detection; Mahalanobis Distance; Pattern Recognition; Payload;

fLanguage

English

Publisher

ieee

Conference_Titel

Frontier of Computer Science and Technology, 2009. FCST '09. Fourth International Conference on

Conference_Location

Shanghai

Print_ISBN

978-0-7695-3932-4

Electronic_ISBN

978-1-4244-5467-9

Type

conf

DOI

10.1109/FCST.2009.97

Filename

5392898