• DocumentCode
    2575172
  • Title

    Flow Anomaly Detection in Firewalled Networks

  • Author

    Chapple, Michael J. ; Wright, Timothy E. ; Winding, Robert M.

  • Author_Institution
    Notre Dame Univ., IN
  • fYear
    2006
  • fDate
    Aug. 28 2006-Sept. 1 2006
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Most contemporary intrusion detection systems rely upon comprehensive signature databases containing the characteristics of known attacks, leaving them unable to detect novel attacks. In this paper, we propose the flow anomaly detection system (FADS), an anomaly detection system based upon the analysis of network flow data in controlled environments. We show that the standard deviation and interquartile range techniques produce a manageable number of alerts when applied to this data and demonstrate the effectiveness of the system through analysis of case studies. We also demonstrate that FADS' performance is sufficient to facilitate implementation as an anomaly detection system.
  • Keywords
    authorisation; computer networks; comprehensive signature databases; firewalled networks; flow anomaly detection system; interquartile range techniques; intrusion detection systems; network flow data; Bandwidth; Computer crime; Control systems; Databases; Flow production systems; Intelligent networks; Intrusion detection; Production systems; Statistical analysis; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Securecomm and Workshops, 2006
  • Conference_Location
    Baltimore, MD
  • Print_ISBN
    1-4244-0423-1
  • Electronic_ISBN
    1-4244-0423-1
  • Type

    conf

  • DOI
    10.1109/SECCOMW.2006.359576
  • Filename
    4198836