Title :
An Approach to Model Normal Network Behaviors Based on Entire Network Packets
Author :
Tie-shan, Zhao ; Zeng-zhi, Li ; Ze-ming, Wang ; Xiao-fen, Lin
Author_Institution :
Xi-chang Satellite Launch Center, Xi-chang
Abstract :
Anomaly detection can detect unknown or new intrusions, and there is increasing interest in it. A normal network behavior model is necessary in any anomaly detection. Assuming that abnormal network behaviors are obviously different from normal ones, there should be some abnormal network packets that are obviously different from normal packets. Normal network packets are disassembled into binary strings whose lengths are l, and all the strings construct a set Unormal. The normal network behavior model is a set Umodel. The length of each element in Umodel is also l. Umodel is made up of those elements each of which matches at least one element in Unormal and doesn't match any other element in Umodel. Normal network behaviors hide in Umodel. The size of Umodel is discussed. Experimental results indicate that abnormal network behaviors can feasibly be detected with Umodel. Further work is to construct a more feasible Umodel to put into practice.
Keywords :
computer networks; set theory; telecommunication security; anomaly detection; binary strings; intrusion detection; network packets; normal network behavior modeling; Cities and towns; Computer architecture; Computer vision; Data mining; Electronic mail; Humans; Intrusion detection; Protocols; Satellites; Spatial databases;
Conference_Title :
Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-1685-1
Electronic_ISBN :
978-1-4244-1686-8
DOI :
10.1109/ICNSC.2008.4525439