Detecting Novel Network Intrusions Using Bayes Estimators

Barbará, Daniel; Wu, Ningning; Jajodia, Sushil

doi:10.1137/1.9781611972719.28

Cited by 228 publications

(143 citation statements)

References 9 publications

Supporting

Mentioning

137

Contrasting

Unclassified

Order By: Relevance

“…As a result, vector H is inherently sorted in ascending order of values because the AutomatedCluster-Threshold-Discovery procedure traverses vector C0 in a linear fashion. With these concepts in mind, let us define the column vector Y'=(y 1 , y 2 , . . .…”

Section: The Proposed Unpcc Algorithmmentioning

confidence: 99%

“…Unsupervised classification is particularly useful in detecting previously unobserved attacks in network intrusion detection domain since new attacks on computers and networks can occur any time. Furthermore, unsupervised classification algorithms are usually employed after a failure of a misuse detection classifier [1] to identify an instance as belonging to a known attack type, in order to uncover new types of intrusions. At the same time, a robust unsupervised classification algorithm could possibly eliminate the need for a human analyst in the assignment of labels to unknown attack types by fully automating the labeling process.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

UNPCC: A Novel Unsupervised Classification Scheme for Network Intrusion Detection

Xie

Quirino

Shyu

et al. 2006

2006 18th IEEE International Conference on Tools With Artificial Intelligence (ICTAI'06)

View full text Add to dashboard Cite

show abstract

Section: The Proposed Unpcc Algorithmmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

UNPCC: A Novel Unsupervised Classification Scheme for Network Intrusion Detection

Xie

Quirino

Shyu

et al. 2006

2006 18th IEEE International Conference on Tools With Artificial Intelligence (ICTAI'06)

View full text Add to dashboard Cite

show abstract

“…However, it is a little more challenging to relieve the network administrator of the task of keeping the signatures updated by monitoring the traffic to determine normal usage patterns. Systems such as ADAM [10], NIDES [11], SPADE [12], and Emerald [13] do just that. These mentioned IDS systems use an expert system database consisting of intrusive signature, encoded with knowledge gleaned from security experts to test files or network traffic for patterns known to occur in attacks.…”

Section: Background and Related Workmentioning

confidence: 99%

Investigating False Positive Reduction in HTTP via Procedure Analysis

Abimbola

Muñoz

Buchanan

2006

International Conference on Networking and Services (ICNS'06)

View full text Add to dashboard Cite

show abstract

“…The basic assumption of anomaly detection using supervised algorithms is that anomalous traffic is statistically different from normal traffic. Many studies have applied several algorithms based upon this assumption, such as the Bayesian network [16], k-nearest neighbor [17], and support vector machine algorithm [18]. Nevertheless, the performance of these algorithms has not been compared.…”

Section: Introductionmentioning

confidence: 99%

Performance of Interval-Based Features in Anomaly Detection by Using Machine Learning Approach

Limthong¹

2014

IJMLC

View full text Add to dashboard Cite

Abstract-Detecting various anomalies or unusual incidents in computer network traffic is one of the great challenges for both researchers and network administrators. If they had an efficient method that could detect network traffic anomalies quickly and accurately, they would be able to prevent security problems or network congestion caused by such anomalies. Therefore, we conducted a series of experiments to examine which and how interval-based network traffic features affect anomaly detection by using three famous machine learning algorithms: the naï ve Bayes, k-nearest neighbor, and support vector machine. Our findings would help researchers and network administrators to select effective interval-based features for each particular type of anomaly, and to choose a proper machine learning algorithm for their own network system. Index Terms-Network traffic, anomaly detection, naï veBayes, nearest neighbor, support vector machine. I. INTRODUCTIONOne of the crucial responsibilities of administrators is discovering various anomalies and unusual incidents in computer network system. Forms or causes of anomalies can vary considerably, which produce a variety of network problems such as network congestion or even security problems. Examples of network anomalies and unusual incidents are denial of service attacks (DoS), viruses or worms spreading, outages, misconfigurations, and flash crowds. If network administrators had an automatic mechanism that expeditiously detected unknown anomalies or unusual incidents, they would avoid serious consequences caused by such anomalies. Thus, an automatic mechanism detecting unknown anomalies in computer network traffic would be attractive.According to several studies [1]-[3], we can categorize detection methods into two major groups: signature-based methods and statistical-based methods.The signature-based methods, such as Snort [4], Suricata, or Bro [5], monitor and compare packets with predetermined attack patterns known as signatures. It is a simple and efficient method to examine network traffic. Although the false positive rate of this technique can also be low, comparing network packets or flows with a large set of signatures is a time consuming task and has limited predictive capabilities. In addition, the signature-based methods cannot detect novel anomalies that are not defined  Manuscript received June 15, 2013; revised December 25, 2013. This work was supported by the Faculty Members Development Scholarship Program of Bangkok University, Thailand.Kriangkrai Limthong is with the Department of Informatics, Graduate University of Advanced Studies (Sokendai), Japan (e-mail: kriangkrai.l@bu.ac.th).in signatures. It means that administrators have to update the system signatures frequently.The statistical-based methods, however, can learn behavior of network traffic and possibly detect novel anomalies and unusual incidents. Many researchers have studied on particular techniques, such as the statistical profiling using histograms [6], parametric statistical modeling [7], non-p...

show abstract

Detecting Novel Network Intrusions Using Bayes Estimators

Cited by 228 publications

References 9 publications

UNPCC: A Novel Unsupervised Classification Scheme for Network Intrusion Detection

UNPCC: A Novel Unsupervised Classification Scheme for Network Intrusion Detection

Investigating False Positive Reduction in HTTP via Procedure Analysis

Performance of Interval-Based Features in Anomaly Detection by Using Machine Learning Approach

Contact Info

Product

Resources

About