A second-order statistical detection approach with application to Internet anomaly detection

Detecting multiple network attacks is essential to intrusion detection, network prevention, security defense and network traffic management. But in today´s distributed computer networks, the various and frequent attacks make an effective detection difficult. This paper presents a covariance matrix based second-order statistical method to detect multiple known and unknown network anomalies. The detection method is initially based on the observations of the correlativity changes in typical flooding DoS attacks. It utilizes the difference of covariance matrices among observed samples in the detection. As case studies, extensive experiments are conducted to detect multiple DoS attacks - the prevalent Internet anomalies. The experimental results indicate that the proposed approach achieves high detection rates in detecting multiple known and unknown anomalies.