Title :
Network Intrusion Detection Using CFAR Abrupt-Change Detectors
Author :
He, Di ; Leung, Henry
Author_Institution :
Shanghai Jiao Tong Univ., Shanghai
fDate :
3/1/2008 12:00:00 AM
Abstract :
In this paper, the constant false alarm rate (CFAR) detectors are proposed for network intrusion detection. By using an autoregressive system to model the network traffic, predictor error is shown to closely follow a Gaussian distribution. CFAR detector approaches are then developed on the prediction error distribution. In the present study, we consider the optimal CFAR, the cell-averaging CFAR, and the order statistics CFAR. The use of these CFAR techniques can significantly improve the detection performance. In addition, we propose the use of fusion of these CFAR detectors by using Dempster-Shafer and Bayesian techniques. Computer simulations based on the DARPA traffic data show that the proposed approach achieves higher detection probabilities than the conventional detection method. Even under different types of attacks, the intrusion detection performances based on the proposed CFAR detectors shows consistent improvement.
Keywords :
Bayes methods; Gaussian processes; autoregressive processes; security of data; Bayesian techniques; Gaussian distribution; autoregressive system; constant false alarm rate detectors; network intrusion detection; network traffic; prediction error distribution; predictor error; Bayesian methods; Computer errors; Computer simulation; Detectors; Gaussian distribution; Intrusion detection; Predictive models; Statistical distributions; Telecommunication traffic; Traffic control; Cell-averaging (CA-CFAR); Dempster–Shafer; constant false alarm rate (CFAR); detector fusion; intrusion detection; network traffic model; optimal CFAR; order statistics CFAR (OS-CFAR);
Journal_Title :
Instrumentation and Measurement, IEEE Transactions on
DOI :
10.1109/TIM.2007.910108
