Abstract. Integrated Network-Based Ohio University Network Detective Service (INBOUNDS) is a network-based intrusion detection system being developed at Ohio University. The Anomalous Network-Traffic Detection with Self Organizing Maps (ANDSOM) module for INBOUNDS detects anomalous network traffic based on the Self-Organizing Map algorithm. Each network connection is characterized by six parameters and specified as a six-dimensional vector. The ANDSOM module creates a Self-Organizing Map (SOM) having a two-dimensional lattice of neurons for each network service. During the training phase, normal network traffic is fed to the ANDSOM module, and the neurons in the SOM are trained to capture its characteristic patterns. During real-time operation, a network connection is fed to its respective SOM, and a "winner" is selected by finding the neuron that is closest in distance to it. The network connection is then classified as an intrusion if this distance is more than a pre-set threshold.
Estimating loss rates along a network path is a problem that has received much attention within the research community. However, deriving accurate estimates of the loss rate from TCP transfers has been largely unaddressed. In this paper, we first show that using a simple count of the number of retransmissions yields inaccurate estimates of the loss rate in many cases. The mis-estimation stems from flaws in TCP's retransmission schemes that cause the protocol to spuriously retransmit data in a number of cases. Next, we develop techniques for refining the retransmission count to produce a better loss rate estimate for both Reno and SACK variants of TCP. Finally, we explore two SACK-based variants of TCP with an eye towards reducing spurious retransmits, the root cause of the mis-estimation of the loss rate. An additional benefit of reducing the number of needless retransmits is a reduction in the amount of shared network resources used to accomplish no useful work.
Abstract-With the growing threat of abuse of network resources, it becomes increasingly important to be able to detect malformed packets on a network and estimate the damage they can cause. Carefully constructed, certain types of packets can cause a victim host to crash while other packets may be sent only to gather necessary information about hosts and networks and can be viewed as a prelude to attack. In this paper, we collect and analyze all of the IP and TCP packets seen on a network that either violate existing standards or should not appear in modern internets. Our goal is to determine what these suspicious packets mean and evaluate what proportion of such packets can cause actual damage. Thus, we divide unusual packets obtained during our experiments into several categories depending on the severity of their consequences, including indirect consequences as a result of information gathering, and show the results. The traces analyzed were gathered at Ohio University's main Internet link, providing a massive amount of statistical data
Current congestion control algorithms treat packet loss as an indication of network congestion, under the assumption that most losses are caused by router queues overflowing. In response to losses (congestion), a sender reduces its sending rate in an effort to reduce contention for shared network resources. In network paths where a non-negligible portion of loss is caused by packet corruption, performance can suffer due to needless reductions of the sending rate (in response to "perceived congestion" that is not really happening). This paper explores a technique, called Cumulative Explicit Transport Error Notification (CETEN), that uses information provided by the network to bring the transport's long-term average sending rate closer to that dictated by only congestion-based losses. We discuss several ways that information about the cumulative rates of packet loss due to congestion and corruption might be obtained from the network or through fairly generic transport layer instrumentation. We then explore two ways to use this information to develop a more appropriate congestion control response (CETEN). The work in this paper is done in terms of TCP. Since numerous transport protocols use TCP-like congestion control schemes, the CETEN techniques we present are applicable to other transports as well. In this paper, we present early simulation results that show CETEN to be a promising technique. In addition, this paper discusses a number of practical and thorny implementation issues associated with CETEN.