Abstract
We propose a statistical model, Geometrical Structure Anomaly Detection (GSAD), to detect intrusions using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against a precomputed profile. It calculates a weight factor to determine anomalies in the payload. On the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.
Original language | English |
---|---|
Title of host publication | 4th International Conference on Frontier of Computer Science and Technology, FCST 2009 |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 327-333 |
Number of pages | 7 |
ISBN (Electronic) | 9781424454679 |
ISBN (Print) | 9780769539324, 9781424454662 |
Publication status | Published - 2009 |
Externally published | Yes |
Event | 4th International Conference on Frontier of Computer Science and Technology, FCST 2009 - Shanghai, China. Duration: 17 Dec 2009 → 19 Dec 2009 |
Other
Other | 4th International Conference on Frontier of Computer Science and Technology, FCST 2009 |
---|---|
Country/Territory | China |
City | Shanghai |
Period | 17/12/09 → 19/12/09 |
Keywords
- Geometrical structure
- Intrusion detection
- Mahalanobis distance
- Pattern recognition
- Payload