Title :
A second-order statistical detection approach with application to Internet anomaly detection
Author :
Jin, Shu-Yuan ; Yeung, Daniel S. ; Wang, Xi-Zhao
Author_Institution :
Dept. of Comput., HongKong Polytech. Univ., China
Abstract :
Detecting multiple network attacks is essential to intrusion detection, network prevention, security defense and network traffic management. But in today's distributed computer networks, the various and frequent attacks make an effective detection difficult. This paper presents a covariance matrix based second-order statistical method to detect multiple known and unknown network anomalies. The detection method is initially based on the observations of the correlativity changes in typical flooding DoS attacks. It utilizes the difference of covariance matrices among observed samples in the detection. As case studies, extensive experiments are conducted to detect multiple DoS attacks - the prevalent Internet anomalies. The experimental results indicate that the proposed approach achieves high detection rates in detecting multiple known and unknown anomalies.
Keywords :
Internet; computer network management; covariance matrices; security of data; telecommunication security; telecommunication traffic; Internet anomaly detection; covariance matrix; distributed computer networks; flooding DoS attacks; intrusion detection; network anomaly; network attacks; network prevention; network traffic management; second-order statistical detection; security defense; Application software; Computer crime; Computer network management; Covariance matrix; Detection algorithms; Floods; Internet; Intrusion detection; Statistical analysis; Telecommunication traffic; Anomaly detection; DoS attacks; covariance matrix; second-order statistics;
Conference_Title :
Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
Conference_Location :
Guangzhou, China
Print_ISBN :
0-7803-9091-1
DOI :
10.1109/ICMLC.2005.1527505