  • DocumentCode
    418331
  • Title
    Differentiating network conversation flow for intrusion detection and diagnostics
  • Author
    McEachen, John C. ; Zachary, John M. ; Ettlich, Daniel W.
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Naval Postgraduate Sch., Monterey, CA, USA
  • Volume
    4
  • fYear
    2004
  • fDate
    23-26 May 2004
  • Abstract
    We present a novel approach to detecting anomalous network events. Specifically, a method for characterizing and displaying the flow of conversations across a distributed system with a high number of interacting entities is discussed and analyzed. Results from simulated laboratory experiments as well as observations from operational network traffic are presented. These results suggest that our approach presents a unique perspective on anomalies in computer network traffic. Additionally, this approach produces a normal statistic that could viably be analyzed with ML/MSE estimators.
  • Keywords
    Internet; computer networks; mean square error methods; safety systems; telecommunication traffic; MSE estimators; anomalous network events; diagnostics; distributed computer network traffic; intrusion detection; network conversation flow; operational network traffic; Computational modeling; Computer networks; Event detection; Intrusion detection; Laboratories; Maximum likelihood estimation; Statistical analysis; Statistical distributions; Telecommunication traffic; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Circuits and Systems, 2004. ISCAS '04. Proceedings of the 2004 International Symposium on
  • Print_ISBN
    0-7803-8251-X
  • Type
    conf
  • DOI
    10.1109/ISCAS.2004.1329043
  • Filename
    1329043