Frequent episode rules for Internet anomaly detection

Cited by: 0
Authors
Qin, M [1]
Hwang, K [1]
Affiliations
[1] Univ So Calif, Los Angeles, CA 90089 USA
Source
THIRD IEEE INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS, PROCEEDINGS | 2004
Keywords
network security; intrusion detection; traffic datamining; anomaly detection; false alarms; grid computing
DOI
Not available
Chinese Library Classification number
TP301 [Theory, methods];
Subject classification code
081202;
Abstract
This paper introduces a new Internet trace technique for generating frequent episode rules to characterize Internet traffic events. These episode rules are used to distinguish anomalous sequences of TCP, UDP, or ICMP connections from normal traffic episodes. Fundamental pruning techniques are introduced to reduce the rule search space by 70%. The new detection scheme was tested over real-life Internet trace data at USC. Our anomaly detection scheme results in a success rate of 47% for DoS, R2L, and port-scanning attacks. These results demonstrate an average improvement of 51% over the use of association rules. We experienced 20 or fewer false alarms over 200 network attacks in 9 days of tracing experiments. This anomaly detection scheme can be used jointly with signature-based IDS to achieve even higher detection efficiency.
Pages: 161 - 168
Number of pages: 8
Related papers
50 items in total
  • [41] Automatic Classification Rules for Anomaly Detection in Time-Series
    Ben Kraiem, Ines
    Ghozzi, Faiza
    Peninou, Andre
    Roman-Jimenez, Geoffrey
    Teste, Olivier
    RESEARCH CHALLENGES IN INFORMATION SCIENCE (RCIS 2020), 2020, 385 : 321 - 337
  • [42] A Method of Route Leak Anomaly Detection Based on Heuristic Rules
    Liu, Jingwei
    Yang, Bin
    Liu, Jinju
    Lug, Yuliang
    Zhu, Kailong
    PROCEEDINGS OF THE ADVANCES IN MATERIALS, MACHINERY, ELECTRICAL ENGINEERING (AMMEE 2017), 2017, 114 : 662 - 666
  • [43] Anomaly detection using invariant rules in Industrial Control Systems
    Zhu, Qilin
    Ding, Yulong
    Jiang, Jie
    Yang, Shuang-Hua
    CONTROL ENGINEERING PRACTICE, 2025, 154
  • [44] An Improved Anomaly Detection Method Based on Fuzzy Association Rules
    Yang, Zifen
    PROCEEDINGS OF THE 2011 INTERNATIONAL CONFERENCE ON INFORMATICS, CYBERNETICS, AND COMPUTER ENGINEERING (ICCE2011), VOL 1: INTELLIGENT CONTROL AND NETWORK COMMUNICATION, 2011, 110 (01) : 441 - 447
  • [45] Data relative currency repair and anomaly detection based on rules
    Duan, Xuliang
    Xiao, Zeyan
    Liu, Yuhai
    Li, Zhiyao
    Zhu, Qingsong
    Lang, Songsong
    EXPERT SYSTEMS WITH APPLICATIONS, 2024, 243
  • [46] Anomaly Detection in Fog Computing Architectures Using Custom Tab Transformer for Internet of Things
    Alzahrani, Abdullah I. A.
    Al-Rasheed, Amal
    Ksibi, Amel
    Ayadi, Manel
    Asiri, Mashael M. M.
    Zakariah, Mohammed
    ELECTRONICS, 2022, 11 (23)
  • [47] A Novel HTTP Anomaly Detection Framework Based on Edge Intelligence for the Internet of Things (IoT)
    An, Yufei
    Li, Jianqiang
    Yu, F. Richard
    Chen, Jianyong
    Leung, Victor C. M.
    IEEE WIRELESS COMMUNICATIONS, 2021, 28 (02) : 159 - 165
  • [48] Employing invariants for anomaly detection in software defined networking based industrial internet of things
    Madhawa, Surendar
    Balakrishnan, P.
    Arumugam, Umamakeswari
    JOURNAL OF INTELLIGENT & FUZZY SYSTEMS, 2018, 35 (02) : 1267 - 1279
  • [49] An Information-Theoretic Approach for Anomaly Detection in RPL-Based Internet of Things
    La, Vinh Hoa
    de Oca, Edgardo Montes
    Cavalli, Ana
    INTERNET OF THINGS, IFIPIOT 2024, 2025, 737 : 96 - 111
  • [50] A second-order statistical detection approach with application to Internet anomaly detection
    Jin, SY
    Yeung, DS
    Wang, XZ
    Proceedings of 2005 International Conference on Machine Learning and Cybernetics, Vols 1-9, 2005 : 3260 - 3264