Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion

Zhao, Guoqing; Yang, Jianhua; Hura, Gurdeep S.; Ni, Long; Huang, Shou-Hsuan Stephen

doi:10.1109/aina.2009.12

Cited by 4 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another probability-related distance is the Hellinger distance, which is related to the more well-known Hellinger metric. The Hellinger metric is shown in (24), where P 1 and P 2 are probability distributions over the domain X, p 1 (x) is the probability of x occurring in P 1 , and p 2 (x) is the probability of x occurring in P 2 .…”

Section: B Types Of Measuresmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

Weller-Fahy

Borghetti

Sodemann

2015

IEEE Commun. Surv. Tutorials

191

View full text Add to dashboard Cite

Anomaly detection (AD) use within the network intrusion detection field of research, or network intrusion AD (NIAD), is dependent on the proper use of similarity and distance measures, but the measures used are often not documented in published research. As a result, while the body of NIAD research has grown extensively, knowledge of the utility of similarity and distance measures within the field has not grown correspondingly. NIAD research covers a myriad of domains and employs a diverse array of techniques from simple k-means clustering through advanced multiagent distributed AD systems. This review presents an overview of the use of similarity and distance measures within NIAD research. The analysis provides a theoretical background in distance measures and a discussion of various types of distance measures and their uses. Exemplary uses of distance measures in published research are presented, as is the overall state of the distance measure rigor in the field. Finally, areas that require further focus on improving the distance measure rigor in the NIAD field are presented.

show abstract

Section: B Types Of Measuresmentioning

confidence: 99%

“…Zhao et al [24] use a single distance measure which incorporates one of three correlation coefficients to detect steppingstone attacks, where one computer is used by the attacker to reach another. The authors use the alternative to the Kendall τ rank correlation previously described in ( 29), (31), (33) and (34).…”

Section: B Classificationmentioning

confidence: 99%

A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

Weller-Fahy

Borghetti

Sodemann

2015

IEEE Commun. Surv. Tutorials

191

View full text Add to dashboard Cite

show abstract

“…However, keeping the flow state since a flow's first packet is critical for schemes that rely on the information carried in the first packet or first few packets. Methods for classifying traffic based on application identification (e.g., [4]) and network security schemes (e.g., [5]) are important classes of applications that require information from the first few packets.…”

Section: Introductionmentioning

confidence: 99%