  • DocumentCode
    1707460
  • Title
    Host anomalies from network data
  • Author
    Gates, Christopher; Becknel, Damon
  • Author_Institution
    Fac. of Comput. Sci., Dalhousie Univ., NB, Canada
  • fYear
    2005
  • Firstpage
    325
  • Lastpage
    332
  • Abstract
    Network administrators need to be able to quickly synthesize a large amount of raw data into comprehensive information and knowledge about a network system in order to determine if there is any unusual activity occurring on that network. This paper presents some initial results of a simplistic baselining method applied to a class B-sized network. These baselines are then used as the basis for an anomaly detection system that examines unusual amounts of activity to any one port on any one host. Thus we provide a system that can detect changes in the activity of any one host, regardless of whether those changes are noticeable when observing overall traffic behavior.
  • Keywords
    computer networks; security of data; telecommunication security; telecommunication traffic; activity change detection; class B-sized network; host anomaly; network administrators; network anomaly detection system; network data; network intrusion detection; network system; network traffic behavior; simplistic baselining method; unusual activity; Communication channels; Computer science; Computerized monitoring; Intrusion detection; Military computing; Network synthesis; Pattern analysis; Peer to peer computing; System testing; Telecommunication traffic
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
  • Print_ISBN
    0-7803-9290-6
  • Type
    conf
  • DOI
    10.1109/IAW.2005.1495970
  • Filename
    1495970