Conversation Exchange Dynamics: A New Signal Primitive for Computer Network Intrusion Detection

Loading...
Thumbnail Image
Authors
McEachen, John C.
Zachary, John M.
Wang, Junling
Cheng, Kah Wai
Subjects
Intrusion detection
network diagnostics
statistical mechanics
Advisors
Date of Issue
2004
Date
Publisher
Language
Abstract
As distributed network intrusion detection systems expand to integrate hundreds and possibly thousands of sensors, managing and presenting the associated sensor data becomes an increasingly complex task. Methods of intelligent data reduction are needed to make sense of the wide dimensional variations. We present a new signal primitive we call conversation exchange dynamics (CED) that accentuates anomalies in traffic flow. This signal provides an aggregated primitive that may be used by intrusion detection systems to base detection strategies upon. Indications of the signal in a variety of simulated and actual anomalous network traffic from distributed sensor collections are presented. Specifically, attacks from the MIT Lawrence Livermore IDS data set are considered. We conclude that CED presents a useful signal primitive for assistance in conducting IDS.
Type
Article
Description
Series/Report No
Department
Electrical and Computer Engineering
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Telecommunications and Signal Processing, Adelaide, Australia, December 20-22, 2004
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections