Detecting Anomalous Traffic Using Statistical Discriminator and Neural Decisional Motor

Baldassarri, Paola; Montesanto, Anna; Puliti, Paolo

doi:10.1007/978-3-540-73053-8_37

Paola Baldassarri¹,
Anna Montesanto¹ &
Paolo Puliti¹

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4527))

Included in the following conference series:

International Work-Conference on the Interplay Between Natural and Artificial Computation

1028 Accesses
2 Citations

Abstract

One of the main challenges in the information security concerns the introduction of systems able to identify intrusions. In this ambit this work takes place describing a new Intrusion Detection System based on anomaly approach. We realized a system with a hybrid solution between host-based and network-based approaches, and it consisted of two subsystems: a statistical system and a neural one. The features extracted from the network traffic belong only to the IP Header and their trend allows us detecting through a simple visual inspection if an attack occurred. Really the two-tier neural system has to indicate the status of the system. It classifies the traffic of the monitored host, distinguishing the background traffic from the anomalous one. Besides, a very important aspect is that the system is able to classify different instances of the same attack in the same class, establishing which attack occurs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ghosh, A.K., Wanken, J., Charron, F.: Detection Anomalous and Unknown Intrusions Against Programs. In: Proceedings of IEEE 14th Annual Computer Security Applications Conference, pp. 259–267 (1998)
Google Scholar
Haines, J.W., Lippmann, R.P., Fried, D.J., Tran, E., Boswell, S., Zissman, M.A.: 1999 DARPA Intrusion Detection System Evaluation: Design and Procedures, MIT Lincoln Laboratory Technical Report (1999)
Google Scholar
Horeis, T.: Intrusion Detection with Neural Networks - Combination of Self-Organizing Maps and Radial Basis Function Networks for Human Expert Integration. Computational Intelligence Society Student Research Grants (2003)
Google Scholar
Kohonen, T.: Self-Organizing Maps, 3rd edn. Springer, Berlin (2001)
MATH Google Scholar
Labib, K., Vemuri, V.R.: Detecting and Visualizing Denial-of-Service and Network Probe Attacks Using Principal Component Analysis. In: The 3rd Conference on Security and Network Architectures, La Londe, Cote d’Azur, France (2004)
Google Scholar
Lee, W., Stolfo, S.J., Mok, K.: A Data Mining Framework for Building Intrusion Detection Models. In: Proceedings of 1999 IEEE Symposium of Security and Privacy, pp. 120–132 (1999)
Google Scholar
Lichodzijewski, P., Zincir-Heywood, A.N., Heywood, M.I.: Dynamic Intrusion Detection Using Self-Organizing Maps. In: The 14th Annual Canadian Information Technology Security Symposium (2002)
Google Scholar
Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220–237. Springer, Heidelberg (2003)
Google Scholar
Ramadas, M., Ostermann, S., Tjaden, B.C.: Detecting Anomalous Network Traffic with Self-organizing Maps. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 36–54. Springer, Heidelberg (2003)
Google Scholar
Rhodes, B.C., Mahaffey, J.A., Cannady, J.D.: Multiple Self-Organizing Maps for Intrusion Detection. In: Proceedings of the 23rd National Information Systems Security Conference, Baltimore, MD (2000)
Google Scholar
Vigna, G., Kemmerer, R.A.: NetSTAT a network-based Intrusion Detection Approach. In: Proceedings of 14th Annual Computer Security Applications Conference, Scottsdale, AZ, USA, pp. 25–34 (1998)
Google Scholar
wincap, http://winpcap.polito.it/
Zhang, Z., Li, J., Manikopoulos, C.N., Jorgenson, J., Ucles, J.: HIDE: a Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification. In: Proceeding of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, pp. 85–90 (2001)
Google Scholar

Download references

Author information

Authors and Affiliations

Dipartimento di Elettronica Intelligenza Artificiale e Telecomunicazioni, Università Politecnica delle Marche, Ancona, Italy
Paola Baldassarri, Anna Montesanto & Paolo Puliti

Authors

Paola Baldassarri
View author publications
You can also search for this author in PubMed Google Scholar
Anna Montesanto
View author publications
You can also search for this author in PubMed Google Scholar
Paolo Puliti
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

José Mira José R. Álvarez

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Baldassarri, P., Montesanto, A., Puliti, P. (2007). Detecting Anomalous Traffic Using Statistical Discriminator and Neural Decisional Motor. In: Mira, J., Álvarez, J.R. (eds) Bio-inspired Modeling of Cognitive Tasks. IWINAC 2007. Lecture Notes in Computer Science, vol 4527. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73053-8_37

Download citation

DOI: https://doi.org/10.1007/978-3-540-73053-8_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73052-1
Online ISBN: 978-3-540-73053-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics