• DocumentCode
    1061344
  • Title

    Network Intrusion Detection Using CFAR Abrupt-Change Detectors

  • Author

    He, Di ; Leung, Henry

  • Author_Institution
    Shanghai Jiao Tong Univ., Shanghai
  • Volume
    57
  • Issue
    3
  • fYear
    2008
  • fDate
    3/1/2008 12:00:00 AM
  • Firstpage
    490
  • Lastpage
    497
  • Abstract
    In this paper, constant false alarm rate (CFAR) detectors are proposed for network intrusion detection. By using an autoregressive system to model the network traffic, the predictor error is shown to closely follow a Gaussian distribution. CFAR detector approaches are then developed on the prediction error distribution. In the present study, we consider the optimal CFAR, the cell-averaging CFAR, and the order statistics CFAR. The use of these CFAR techniques can significantly improve the detection performance. In addition, we propose the use of fusion of these CFAR detectors by using Dempster-Shafer and Bayesian techniques. Computer simulations based on the DARPA traffic data show that the proposed approach achieves higher detection probabilities than the conventional detection method. Even under different types of attacks, the intrusion detection performance based on the proposed CFAR detectors shows consistent improvement.
  • Keywords
    Bayes methods; Gaussian processes; autoregressive processes; security of data; Bayesian techniques; Gaussian distribution; autoregressive system; constant false alarm rate detectors; network intrusion detection; network traffic; prediction error distribution; predictor error; Bayesian methods; Computer errors; Computer simulation; Detectors; Gaussian distribution; Intrusion detection; Predictive models; Statistical distributions; Telecommunication traffic; Traffic control; Cell-averaging (CA-CFAR); Dempster–Shafer; constant false alarm rate (CFAR); detector fusion; intrusion detection; network traffic model; optimal CFAR; order statistics CFAR (OS-CFAR);
  • fLanguage
    English
  • Journal_Title
    Instrumentation and Measurement, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    0018-9456
  • Type

    jour

  • DOI
    10.1109/TIM.2007.910108
  • Filename
    4447385