DocumentCode :
1565985
Title :
Context-based Profiling for Anomaly Intrusion Detection with Diagnosis
Author :
Salem, Benferhat ; Karim, Tabia
Author_Institution :
CNRS, Univ. d'Artois, Lens
fYear :
2008
Firstpage :
618
Lastpage :
623
Abstract :
Anomaly detection approaches are generally efficient in detecting new attacks. However, they fail to provide any further information regarding the nature of attacks. The first contribution of this paper is to equip an anomaly detection approach with a diagnosis module that classifies anomaly approach outputs into one of the well-known attack categories. The second contribution concerns a context-based definition of normal network traffic profiles. We provide experimental studies showing, for instance, that considering a normal profile for each service provides better results than considering a unique global normal profile.
Keywords :
security of data; telecommunication traffic; anomaly intrusion detection; attack detection; context-based network traffic profile; Availability; Error analysis; Event detection; Fuses; Intrusion detection; Lenses; Phase estimation; Security; Telecommunication traffic; Training data; Anomaly detection; diagnosis; traffic profiling
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
Type :
conf
DOI :
10.1109/ARES.2008.150
Filename :
4529399