Multivariate statistical analysis of network traffic for intrusion detection

Cited by: 6
Authors
Kanaoka, A [1]
Okamoto, E [1]
Affiliations
[1] Univ Tsukuba, Tsukuba, Ibaraki 305, Japan
Source
14TH INTERNATIONAL WORKSHOP ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS | 2003
Keywords
DOI
10.1109/DEXA.2003.1232068
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104; 0812; 0835; 1405;
Abstract
In the field of intrusion detection research, it is often said that anomaly detection has a high false positive (FP) rate, though no sufficient analysis has been presented so far. To investigate this assertion, this paper analyzes network traffic data using a multivariate statistical analysis method. The data set used for the analysis is the 1998 DARPA Intrusion Detection Evaluation Data. The information type applied to detect intrusion has been chosen empirically or intuitively. Our result supports that such information type is correct, and moreover online processing achieves a lower FP rate with a high attack detection rate than batch processing in most cases.
Pages: 472-476
Page count: 5