Conversation Exchange Dynamics: A New Signal Primitive for Computer Network Intrusion Detection
Loading...
Authors
McEachen, John C.
Zachary, John M.
Wang, Junling
Cheng, Kah Wai
Subjects
Intrusion detection
network diagnostics
statistical mechanics
network diagnostics
statistical mechanics
Advisors
Date of Issue
2004
Date
Publisher
Language
Abstract
As distributed network intrusion detection systems expand
to integrate hundreds and possibly thousands of sensors,
managing and presenting the associated sensor data becomes
an increasingly complex task. Methods of intelligent data
reduction are needed to make sense of the wide dimensional
variations. We present a new signal primitive we call
conversation exchange dynamics (CED) that accentuates
anomalies in traffic flow. This signal provides an aggregated
primitive that may be used by intrusion detection systems to
base detection strategies upon. Indications of the signal in a
variety of simulated and actual anomalous network traffic
from distributed sensor collections are presented.
Specifically, attacks from the MIT Lawrence Livermore IDS data set are considered. We conclude that CED presents a useful signal primitive for assistance in conducting IDS.
Type
Article
Description
Series/Report No
Department
Electrical and Computer Engineering
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Telecommunications and Signal Processing, Adelaide, Australia, December 20-22, 2004
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.