Conversation Exchange Dynamics: A New Signal Primitive for Computer Network Intrusion Detection

McEachen, John C.; Zachary, John M.; Wang, Junling; Cheng, Kah Wai

Download

inc_McEachen_Conversation_Exchange_Dynamics_2004.pdf (683.7Kb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

McEachen, John C.

Zachary, John M.

Wang, Junling

Cheng, Kah Wai

Date

2004

Metadata

Show full item record

Abstract

As distributed network intrusion detection systems expand to integrate hundreds and possibly thousands of sensors, managing and presenting the associated sensor data becomes an increasingly complex task. Methods of intelligent data reduction are needed to make sense of the wide dimensional variations. We present a new signal primitive we call conversation exchange dynamics (CED) that accentuates anomalies in traffic flow. This signal provides an aggregated primitive that may be used by intrusion detection systems to base detection strategies upon. Indications of the signal in a variety of simulated and actual anomalous network traffic from distributed sensor collections are presented. Specifically, attacks from the MIT Lawrence Livermore IDS data set are considered. We conclude that CED presents a useful signal primitive for assistance in conducting IDS.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

URI

http://hdl.handle.net/10945/39262

Collections

Faculty and Researchers' Publications