Network intrusion and fault detection: a statistical anomaly approach
Top Cited Papers
- 10 December 2002
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Communications Magazine
- Vol. 40 (10), 76-82
- https://doi.org/10.1109/mcom.2002.1039860
Abstract
With the advent and explosive growth of the global Internet and electronic commerce environments, adaptive/automatic network/service intrusion and anomaly detection in wide area data networks and e-commerce infrastructures is fast gaining critical research and practical importance. We present and demonstrate the use of a general-purpose hierarchical multitier multiwindow statistical anomaly detection technology and system that operates automatically, adaptively, and proactively, and can be applied to various networking technologies, including both wired and wireless ad hoc networks. Our method uses statistical models and multivariate classifiers to detect anomalous network conditions. Some numerical results are also presented that demonstrate that our proposed methodology can reliably detect attacks with traffic anomaly intensity as low as 3-5 percent of the typical background traffic intensity, thus promising to generate an effective early warning.Keywords
This publication has 6 references indexed in Scilit:
- NetSTAT: a network-based intrusion detection approachPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Neural networks applied in intrusion detection systemsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Computer attack trends challenge Internet securityComputer, 2002
- Adaptive and automated detection of service anomalies in transaction-oriented WANs: network analysis, algorithms, implementation, and deploymentIEEE Journal on Selected Areas in Communications, 2000
- A network security monitorPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1990
- An Intrusion-Detection ModelIEEE Transactions on Software Engineering, 1987